CVE-2020-18378

Source
https://cve.org/CVERecord?id=CVE-2020-18378
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-18378.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-18378
Downstream
Published
2023-08-22T19:15:55.143Z
Modified
2026-07-07T08:51:33.699942115Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

References

Affected packages

Git / github.com/webassembly/binaryen

Affected ranges

Type
GIT
Repo
https://github.com/webassembly/binaryen
Events
Database specific
{
    "cpe": "cpe:2.3:a:webassembly:binaryen:1.38.26:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "1.38.26"
        },
        {
            "last_affected": "1.38.26"
        }
    ]
}

Affected versions

1.*
1.38.26

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-18378.json"