← volver
CVE-2024-28123

Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

CVSS 7.3 HIGHEPSS 0.8%CWE-787
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Productos afectados
wasmi-labs · wasmi

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792fhttps://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq