CVE-2019-7154
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-7154
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7154.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-7154
- Downstream
- Published
- 2019-01-29T00:29:00Z
- Modified
- 2025-10-15T11:06:27.340590Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
- References
Affected packages
Git / github.com/webassembly/binaryen
Affected ranges
- Type
- GIT
- Repo
- https://github.com/webassembly/binaryen
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.36.10
1.36.11
1.36.12
1.36.13
1.36.14
1.36.2
1.36.3
1.36.4
1.36.5
1.36.6
1.36.7
1.36.8
1.36.9
1.37.0
1.37.1
1.37.10
1.37.11
1.37.12
1.37.13
1.37.14
1.37.15
1.37.16
1.37.17
1.37.18
1.37.19
1.37.2
1.37.20
1.37.21
1.37.22
1.37.23
1.37.24
1.37.25
1.37.26
1.37.27
1.37.28
1.37.29
1.37.3
1.37.30
1.37.31
1.37.32
1.37.33
1.37.34
1.37.35
1.37.36
1.37.37
1.37.39
1.37.4
1.37.40
1.37.5
1.37.6
1.37.7
1.37.8
1.37.9
1.38.0
1.38.1
1.38.10
1.38.11
1.38.12
1.38.13
1.38.14
1.38.15
1.38.16
1.38.17
1.38.18
1.38.19
1.38.2
1.38.20
1.38.21
1.38.22
1.38.23
1.38.24
1.38.25
1.38.3
1.38.4
1.38.5
1.38.6
1.38.7
1.38.8
1.38.9
Other
binary_0xb
version_1
version_10
version_11
version_12
version_13
version_14
version_15
version_16
version_17
version_18
version_19
version_2
version_20
version_21
version_22
version_23
version_24
version_25
version_26
version_27
version_28
version_29
version_3
version_30
version_31
version_32
version_33
version_34
version_35
version_36
version_37
version_38
version_39
version_4
version_40
version_41
version_42
version_43
version_44
version_45
version_46
version_47
version_48
version_49
version_5
version_50
version_51
version_52
version_53
version_54
version_55
version_56
version_57
version_58
version_59
version_6
version_60
version_61
version_62
version_63
version_64
version_7
version_8
version_9
Database specific
{
"vanir_signatures": [
{
"signature_type": "Line",
"target": {
"file": "src/tools/wasm-emscripten-finalize.cpp"
},
"digest": {
"line_hashes": [
"22616790360282577033674605180077833219",
"191972970298653173444158597266287009694",
"14821571429962120343001262233210576335",
"151191529705392329886293484142824340752",
"185122690502798721846121553612976097687",
"53197629183357289701089927573176392278",
"324194258621610357039876706449906529187",
"288962724844564451928959159070423739797",
"119541822130047711562403959423585453020",
"196957992580538602360349810475843857508",
"266074370991696475216603390399545124213"
],
"threshold": 0.9
},
"source": "https://github.com/webassembly/binaryen/commit/153ba18ba99dc4dcef29a61e1e586af3df8d921d",
"deprecated": false,
"id": "CVE-2019-7154-309327dc",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "AsmConstWalker::visitCall",
"file": "src/wasm/wasm-emscripten.cpp"
},
"digest": {
"length": 466.0,
"function_hash": "114506349049517890130313607795175520772"
},
"source": "https://github.com/webassembly/binaryen/commit/153ba18ba99dc4dcef29a61e1e586af3df8d921d",
"deprecated": false,
"id": "CVE-2019-7154-5c11ab82",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "main",
"file": "src/tools/wasm-emscripten-finalize.cpp"
},
"digest": {
"length": 5871.0,
"function_hash": "138423354102750047574691565677008332270"
},
"source": "https://github.com/webassembly/binaryen/commit/153ba18ba99dc4dcef29a61e1e586af3df8d921d",
"deprecated": false,
"id": "CVE-2019-7154-8fb37496",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "src/wasm/wasm-emscripten.cpp"
},
"digest": {
"line_hashes": [
"315711385697882142515874801209616814643",
"296156224043627193328400495169611395702",
"77499482424643067126151120578878875266",
"274324235565113840226923181117945430074",
"90088919803854712328793541726553905294",
"239511132063355793396937242033905988083",
"37757062407568417218192717800299663089",
"99495896202181285171447783518041064724",
"39719218561181330581269317214892922476",
"130840213018713389535742735768989788570",
"59454224216472073359920052981429413417",
"81681221918972354805958228841923233931",
"61967027930462198887128716957949142642",
"16540623721121067462332746169520368488",
"89218691273730261051480484430257932328",
"80088878758691338675558368774357100149",
"36203083223426206760729530190185201362",
"214050444586084780357169729595550129855",
"41674973558809398479455871761264659042",
"189369635161906183679516518282489184360",
"143351518440347716055171766304302159734",
"41776136258577880614344662206580082890",
"50217705517904600268041040273596962622",
"193172374485864913901209068670512605948",
"184066918667677860940062195156789695990",
"87407311439441835597684821978109907569",
"135947261108190545169005646228083740563",
"96562869205760499504990143647018032837",
"184528604685741297685066204159611654836",
"296700476545690631986867236150304976384",
"169728093976989309268302028951847201368",
"291789020970159672831707353184537475750",
"170228873566876733807541136341936756863",
"332714337655117707011562848579240136886",
"266592970334377096938786646358898995910",
"244907938788025967984980323528724878551"
],
"threshold": 0.9
},
"source": "https://github.com/webassembly/binaryen/commit/153ba18ba99dc4dcef29a61e1e586af3df8d921d",
"deprecated": false,
"id": "CVE-2019-7154-a1e1d720",
"signature_version": "v1"
}
]
}