Binaryen
Reachable assertion in WebAssembly Binaryen up to version 117 allows local attackers with low privileges to cause denial of service by providing malformed WebAssembly bytecode that triggers an unhandled assertion in the IRBuilder::makeBrOn function, crashing the BrOn parser component. Exploit code is publicly available and a vendor patch has been released.
Null pointer dereference in WebAssembly Binaryen up to version 125 allows local authenticated users to cause denial of service by manipulating the Index argument in IRBuilder::makeLocalGet, IRBuilder::makeLocalSet, or IRBuilder::makeLocalTee functions. Public exploit code exists, though real-world impact is minimal given the very low EPSS score (0.03%, 7th percentile) and local-access-only attack vector. This vulnerability is low-severity and unlikely to be prioritized for rapid patching in most environments.
Heap-based buffer overflow in the WasmBinaryReader::readExport function of WebAssembly Binaryen up to version 125 allows local attackers with low privileges to cause limited information disclosure and integrity compromise. The vulnerability requires local access and authenticated privileges, and despite publicly available proof-of-concept code it has extremely low real-world exploitability, with an EPSS score of 0.04%, indicating a narrow, low-impact issue unlikely to be prioritized in most threat environments.