CVE-2020-18378

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-18378
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-18378.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-18378
Downstream
Published
2023-08-22T19:15:55.143Z
Modified
2025-11-14T10:54:11.728510Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

References

Affected packages

Git / github.com/webassembly/binaryen

Affected ranges

Type
GIT
Repo
https://github.com/webassembly/binaryen
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
484f62f985cb2180139d1cf991ac04ee41635417

Affected versions

1.*

1.36.10
1.36.11
1.36.12
1.36.13
1.36.14
1.36.2
1.36.3
1.36.4
1.36.5
1.36.6
1.36.7
1.36.8
1.36.9
1.37.0
1.37.1
1.37.10
1.37.11
1.37.12
1.37.13
1.37.14
1.37.15
1.37.16
1.37.17
1.37.18
1.37.19
1.37.2
1.37.20
1.37.21
1.37.22
1.37.23
1.37.24
1.37.25
1.37.26
1.37.27
1.37.28
1.37.29
1.37.3
1.37.30
1.37.31
1.37.32
1.37.33
1.37.34
1.37.35
1.37.36
1.37.37
1.37.39
1.37.4
1.37.40
1.37.5
1.37.6
1.37.7
1.37.8
1.37.9
1.38.0
1.38.1
1.38.10
1.38.11
1.38.12
1.38.13
1.38.14
1.38.15
1.38.16
1.38.17
1.38.18
1.38.19
1.38.2
1.38.20
1.38.21
1.38.22
1.38.23
1.38.24
1.38.25
1.38.26
1.38.3
1.38.4
1.38.5
1.38.6
1.38.7
1.38.8
1.38.9

Other

binary_0xb
version_1
version_10
version_11
version_12
version_13
version_14
version_15
version_16
version_17
version_18
version_19
version_2
version_20
version_21
version_22
version_23
version_24
version_25
version_26
version_27
version_28
version_29
version_3
version_30
version_31
version_32
version_33
version_34
version_35
version_36
version_37
version_38
version_39
version_4
version_40
version_41
version_42
version_43
version_44
version_45
version_46
version_47
version_48
version_49
version_5
version_50
version_51
version_52
version_53
version_54
version_55
version_56
version_57
version_58
version_59
version_6
version_60
version_61
version_62
version_63
version_64
version_65
version_66
version_67
version_7
version_8
version_9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-18378.json"