CVE-2019-7701

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7701

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7701.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7701

Downstream

DEBIAN-CVE-2019-7701

Published

2019-02-10T22:29:00Z

Modified

2025-10-15T11:09:49.473761Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.

References

https://github.com/WebAssembly/binaryen/issues/1863

Affected packages

Git / github.com/webassembly/binaryen

Affected ranges

Type: GIT
Repo: https://github.com/webassembly/binaryen
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

777d33d40ff030f1711c40bf3cd5bc4bc36af313

Affected versions

1.*

1.36.10

1.36.11

1.36.12

1.36.13

1.36.14

1.36.2

1.36.3

1.36.4

1.36.5

1.36.6

1.36.7

1.36.8

1.36.9

1.37.0

1.37.1

1.37.10

1.37.11

1.37.12

1.37.13

1.37.14

1.37.15

1.37.16

1.37.17

1.37.18

1.37.19

1.37.2

1.37.20

1.37.21

1.37.22

1.37.23

1.37.24

1.37.25

1.37.26

1.37.27

1.37.28

1.37.29

1.37.3

1.37.30

1.37.31

1.37.32

1.37.33

1.37.34

1.37.35

1.37.36

1.37.37

1.37.39

1.37.4

1.37.40

1.37.5

1.37.6

1.37.7

1.37.8

1.37.9

1.38.0

1.38.1

1.38.10

1.38.11

1.38.12

1.38.13

1.38.14

1.38.15

1.38.16

1.38.17

1.38.18

1.38.19

1.38.2

1.38.20

1.38.21

1.38.22

1.38.23

1.38.3

1.38.4

1.38.5

1.38.6

1.38.7

1.38.8

1.38.9

Other

binary_0xb

version_1

version_10

version_11

version_12

version_13

version_14

version_15

version_16

version_17

version_18

version_19

version_2

version_20

version_21

version_22

version_23

version_24

version_25

version_26

version_27

version_28

version_29

version_3

version_30

version_31

version_32

version_33

version_34

version_35

version_36

version_37

version_38

version_39

version_4

version_40

version_41

version_42

version_43

version_44

version_45

version_46

version_47

version_48

version_49

version_5

version_50

version_51

version_52

version_53

version_54

version_55

version_56

version_57

version_58

version_59

version_6

version_60

version_61

version_62

version_63

version_7

version_8

version_9

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "target": {
            "function": "Asm2WasmBuilder::processAsm",
            "file": "src/asm2wasm.h"
        },
        "deprecated": false,
        "source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
        "digest": {
            "function_hash": "143737180360553465436118507774498010635",
            "length": 21129.0
        },
        "id": "CVE-2019-7701-4f2294f7",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/wasm-emscripten.h"
        },
        "deprecated": false,
        "source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "197834386609990190660658376494400634047",
                "230751627369602897535367828388051389677",
                "336859316406527781017065435234404248053",
                "41276762427330585015445567180683194467"
            ]
        },
        "id": "CVE-2019-7701-55914de7",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/tools/wasm-emscripten-finalize.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "67763751847475704613137488435997492917",
                "11092678074950976786541223300914299782",
                "83014327735221591191479881775992125775",
                "32795490460723772134172091328908985275",
                "150081489502840546503510411609202865508",
                "186502562418831327916913906281059240037",
                "81062518221878434523040895973597062096",
                "255791717607742475400212674930341013721",
                "279059291008106175449343664540853882718",
                "119516556563219962869888727107305829281",
                "273268632913118307560910743007064707345",
                "206270979931966135522688490632349305102",
                "205007461897933857657602724876834633565",
                "129589606498150712070120989213094759998",
                "192680331533594347188278206392354265110",
                "202703705032309117778443815604253559795",
                "27147988621632559671180398895940792122",
                "237128518898913234383340250069850836436",
                "30862407209301333969246506920178724397",
                "23561735558910007848793400252220641720",
                "8809195615572420798691655763271322252",
                "205153151581145418897379838572825814524",
                "254667827196645618469755417729989716259",
                "85227045920208427987069202340945838114"
            ]
        },
        "id": "CVE-2019-7701-7bcdf074",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "main",
            "file": "src/tools/wasm-emscripten-finalize.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
        "digest": {
            "function_hash": "122687133488173724193644540400869789453",
            "length": 5464.0
        },
        "id": "CVE-2019-7701-ab34f2ab",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/wasm/wasm-emscripten.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "311603147456977400152429201973903889504",
                "267254175071185226879431060299918005990",
                "189614778024756723211343449732418475698",
                "16919839466976018149161181660787991618",
                "186424230218048978421671979781596487795",
                "284363801826454717926384585556320189329",
                "113500351515846633073416403242055535705",
                "168914480211122056088036509523057995414",
                "35580501077459053214680905063622064199",
                "167467896953935516288542812179644102333",
                "146423767868341463157147956075368395472",
                "299488347443531629906127720449003520723"
            ]
        },
        "id": "CVE-2019-7701-b308183b",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/asm2wasm.h"
        },
        "deprecated": false,
        "source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "93311049439594093655913658023033474700",
                "29165148232231256482909389094154516982",
                "267255509956472768128922367426232857231",
                "313400781351748657887649211950082601060",
                "9879456224345171386945151762644809925",
                "72436541964025692405781322418071947728",
                "160644238717616448485963672048490716178",
                "131420967666337165016804812834186228928",
                "31806524227782282141341988971711701624",
                "114848884344023823327877959484529743021",
                "16532795352022162883742029384269484770",
                "219824183060125624607695481158430492146",
                "18644794995939299628455904051998062848",
                "295919784213093232839483042343648558836",
                "105147925275387406829980559424256433409"
            ]
        },
        "id": "CVE-2019-7701-c736ddf5",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "EmscriptenGlueGenerator::generateStackInitialization",
            "file": "src/wasm/wasm-emscripten.cpp"
        },
        "deprecated": false,
        "source": "https://github.com/webassembly/binaryen/commit/777d33d40ff030f1711c40bf3cd5bc4bc36af313",
        "digest": {
            "function_hash": "321581028299307693081369001656568394191",
            "length": 380.0
        },
        "id": "CVE-2019-7701-f0f2d28b",
        "signature_version": "v1"
    }
]