CVE-2020-18382
First published: Tue Aug 22 2023(Updated: )
Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webassembly Binaryen | =1.38.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-18382?
CVE-2020-18382 is a heap-buffer-overflow vulnerability in the wasm::WasmBinaryBuilder::visitBlock function in Binaryen 1.38.26.
What is the severity of CVE-2020-18382?
The severity of CVE-2020-18382 is medium with a CVSS score of 6.5.
How can CVE-2020-18382 be exploited?
CVE-2020-18382 can be exploited by using a crafted wasm input that causes a segmentation fault, leading to denial-of-service.
Which software versions are affected by CVE-2020-18382?
Binaryen version 1.38.26 is affected by CVE-2020-18382.
How do I fix CVE-2020-18382?
To fix CVE-2020-18382, update to a version of Binaryen that is not affected by the vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/webassembly
- canonical/webassembly binaryen
- version/webassembly binaryen/1.38.26