CVE-2023-52284

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-52284
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0 Patch
https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:*
History

08 Jan 2024, 19:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CPE cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:*
References () https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0 - () https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0 - Patch
References () https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586 - () https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586 - Exploit, Issue Tracking, Patch, Vendor Advisory
References () https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590 - () https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590 - Patch
Summary
  • (es) Bytecode Alliance wasm-micro-runtime (también conocido como WebAssembly Micro Runtime o WAMR) anterior a 1.3.0 puede tener un error de "double free or corruption" para un módulo WebAssembly válido porque push_pop_frame_ref_offset no se maneja correctamente.
First Time Bytecodealliance webassembly Micro Runtime
Bytecodealliance
CWE CWE-415

31 Dec 2023, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-31 06:15

Updated : 2024-01-08 19:07

NVD link : CVE-2023-52284

Mitre link : CVE-2023-52284

CVE.ORG link : CVE-2023-52284

JSON object : View

Products Affected

bytecodealliance

  • webassembly_micro_runtime
CWE
CWE-415

Double Free