Vulnerability Description
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bytecode Alliance | WebAssembly Micro Runtime | < 1.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR (Patch)
- https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586 (Exploit, Issue Tracking, Patch)
- https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590 (Patch)
FAQ
What is CVE-2023-52284?
CVE-2023-52284 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset...
How severe is CVE-2023-52284?
CVE-2023-52284 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-52284?
Check the references section above for vendor advisories and patch information. Affected products include: Bytecode Alliance WebAssembly Micro Runtime.