CVE-2019-7700
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-7700
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7700.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-7700
- Downstream
- Published
- 2019-02-10T22:29:00Z
- Modified
- 2025-09-16T07:05:36.975603Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.
- References
Affected packages
Debian:11 / binaryen
Package
- Name
- binaryen
- Purl
- pkg:deb/debian/binaryen?arch=source
Debian:12 / binaryen
Package
- Name
- binaryen
- Purl
- pkg:deb/debian/binaryen?arch=source
Debian:13 / binaryen
Package
- Name
- binaryen
- Purl
- pkg:deb/debian/binaryen?arch=source
Debian:14 / binaryen
Package
- Name
- binaryen
- Purl
- pkg:deb/debian/binaryen?arch=source
Git / github.com/webassembly/binaryen
Affected ranges
- Type
- GIT
- Repo
- https://github.com/webassembly/binaryen
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.36.10
1.36.11
1.36.12
1.36.13
1.36.14
1.36.2
1.36.3
1.36.4
1.36.5
1.36.6
1.36.7
1.36.8
1.36.9
1.37.0
1.37.1
1.37.10
1.37.11
1.37.12
1.37.13
1.37.14
1.37.15
1.37.16
1.37.17
1.37.18
1.37.19
1.37.2
1.37.20
1.37.21
1.37.22
1.37.23
1.37.24
1.37.25
1.37.26
1.37.27
1.37.28
1.37.29
1.37.3
1.37.30
1.37.31
1.37.32
1.37.33
1.37.34
1.37.35
1.37.36
1.37.37
1.37.39
1.37.4
1.37.40
1.37.5
1.37.6
1.37.7
1.37.8
1.37.9
1.38.0
1.38.1
1.38.10
1.38.11
1.38.12
1.38.13
1.38.14
1.38.15
1.38.16
1.38.17
1.38.18
1.38.19
1.38.2
1.38.20
1.38.21
1.38.22
1.38.23
1.38.3
1.38.4
1.38.5
1.38.6
1.38.7
1.38.8
1.38.9
Other
binary_0xb
version_1
version_10
version_11
version_12
version_13
version_14
version_15
version_16
version_17
version_18
version_19
version_2
version_20
version_21
version_22
version_23
version_24
version_25
version_26
version_27
version_28
version_29
version_3
version_30
version_31
version_32
version_33
version_34
version_35
version_36
version_37
version_38
version_39
version_4
version_40
version_41
version_42
version_43
version_44
version_45
version_46
version_47
version_48
version_49
version_5
version_50
version_51
version_52
version_53
version_54
version_55
version_56
version_57
version_58
version_59
version_6
version_60
version_61
version_62
version_63
version_7
version_8
version_9
Database specific
{
"vanir_signatures": [
{
"target": {
"file": "src/asm2wasm.h",
"function": "Asm2WasmBuilder::processAsm"
},
"digest": {
"length": 21129.0,
"function_hash": "143737180360553465436118507774498010635"
},
"signature_version": "v1",
"id": "CVE-2019-7700-4f2294f7",
"source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "src/wasm-emscripten.h"
},
"digest": {
"line_hashes": [
"197834386609990190660658376494400634047",
"230751627369602897535367828388051389677",
"336859316406527781017065435234404248053",
"41276762427330585015445567180683194467"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2019-7700-55914de7",
"source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "src/tools/wasm-emscripten-finalize.cpp"
},
"digest": {
"line_hashes": [
"67763751847475704613137488435997492917",
"11092678074950976786541223300914299782",
"83014327735221591191479881775992125775",
"32795490460723772134172091328908985275",
"150081489502840546503510411609202865508",
"186502562418831327916913906281059240037",
"81062518221878434523040895973597062096",
"255791717607742475400212674930341013721",
"279059291008106175449343664540853882718",
"119516556563219962869888727107305829281",
"273268632913118307560910743007064707345",
"206270979931966135522688490632349305102",
"205007461897933857657602724876834633565",
"129589606498150712070120989213094759998",
"192680331533594347188278206392354265110",
"202703705032309117778443815604253559795",
"27147988621632559671180398895940792122",
"237128518898913234383340250069850836436",
"30862407209301333969246506920178724397",
"23561735558910007848793400252220641720",
"8809195615572420798691655763271322252",
"205153151581145418897379838572825814524",
"254667827196645618469755417729989716259",
"85227045920208427987069202340945838114"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2019-7700-7bcdf074",
"source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "src/tools/wasm-emscripten-finalize.cpp",
"function": "main"
},
"digest": {
"length": 5464.0,
"function_hash": "122687133488173724193644540400869789453"
},
"signature_version": "v1",
"id": "CVE-2019-7700-ab34f2ab",
"source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "src/wasm/wasm-emscripten.cpp"
},
"digest": {
"line_hashes": [
"311603147456977400152429201973903889504",
"267254175071185226879431060299918005990",
"189614778024756723211343449732418475698",
"16919839466976018149161181660787991618",
"186424230218048978421671979781596487795",
"284363801826454717926384585556320189329",
"113500351515846633073416403242055535705",
"168914480211122056088036509523057995414",
"35580501077459053214680905063622064199",
"167467896953935516288542812179644102333",
"146423767868341463157147956075368395472",
"299488347443531629906127720449003520723"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2019-7700-b308183b",
"source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "src/asm2wasm.h"
},
"digest": {
"line_hashes": [
"93311049439594093655913658023033474700",
"29165148232231256482909389094154516982",
"267255509956472768128922367426232857231",
"313400781351748657887649211950082601060",
"9879456224345171386945151762644809925",
"72436541964025692405781322418071947728",
"160644238717616448485963672048490716178",
"131420967666337165016804812834186228928",
"31806524227782282141341988971711701624",
"114848884344023823327877959484529743021",
"16532795352022162883742029384269484770",
"219824183060125624607695481158430492146",
"18644794995939299628455904051998062848",
"295919784213093232839483042343648558836",
"105147925275387406829980559424256433409"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2019-7700-c736ddf5",
"source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "src/wasm/wasm-emscripten.cpp",
"function": "EmscriptenGlueGenerator::generateStackInitialization"
},
"digest": {
"length": 380.0,
"function_hash": "321581028299307693081369001656568394191"
},
"signature_version": "v1",
"id": "CVE-2019-7700-f0f2d28b",
"source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
"signature_type": "Function",
"deprecated": false
}
]
}