Wabt
CVE-2022-43283
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
AnalysisAI
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. Affected products include: Webassembly Wabt.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetRetur
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDro
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. Rated
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical.cc of the component Malformed File Handl
A vulnerability was found in WebAssembly wabt 1.0.36. Rated low severity (CVSS 2.3), this vulnerability is remotely expl
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::Inse
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decom
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today