What is CVE-2019-7152?

CVE-2019-7152 is a vulnerability in the Binaryen software library that allows for a heap-based buffer over-read, potentially leading to denial-of-service.

What is the severity of CVE-2019-7152?

CVE-2019-7152 has a severity rating of medium, with a CVSS score of 6.5.

How does CVE-2019-7152 affect Webassembly Binaryen?

CVE-2019-7152 affects Webassembly Binaryen up to version 1.38.22, potentially leading to denial-of-service due to segmentation faults caused by a crafted input.

How can the CVE-2019-7152 vulnerability be exploited?

The CVE-2019-7152 vulnerability can be exploited by providing a specifically crafted input, causing the wasm::WasmBinaryBuilder::processFunctions() function in wasm/wasm-binary.cpp to read past the end of the allocated buffer.

Is there a fix available for CVE-2019-7152?

To mitigate the CVE-2019-7152 vulnerability, it is recommended to update Webassembly Binaryen to a version above 1.38.22.

Vulnerability/
CVE-2019-7152

medium

6.5

CWE

125

29/1/2019

21/11/2024

CVE-2019-7152

First published: Tue Jan 29 2019(Updated: )

A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Webassembly Binaryen	<65
	<65

Remedy

https://github.com/WebAssembly/binaryen/issues/1880

Never miss a vulnerability like this again

Reference Links

https://github.com/WebAssembly/binaryen/issues/1880

Frequently Asked Questions

What is CVE-2019-7152?
CVE-2019-7152 is a vulnerability in the Binaryen software library that allows for a heap-based buffer over-read, potentially leading to denial-of-service.
What is the severity of CVE-2019-7152?
CVE-2019-7152 has a severity rating of medium, with a CVSS score of 6.5.
How does CVE-2019-7152 affect Webassembly Binaryen?
CVE-2019-7152 affects Webassembly Binaryen up to version 1.38.22, potentially leading to denial-of-service due to segmentation faults caused by a crafted input.
How can the CVE-2019-7152 vulnerability be exploited?
The CVE-2019-7152 vulnerability can be exploited by providing a specifically crafted input, causing the wasm::WasmBinaryBuilder::processFunctions() function in wasm/wasm-binary.cpp to read past the end of the allocated buffer.
Is there a fix available for CVE-2019-7152?
To mitigate the CVE-2019-7152 vulnerability, it is recommended to update Webassembly Binaryen to a version above 1.38.22.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/remedy
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
vendor/webassembly
canonical/webassembly binaryen

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.