CVE-2024-28123
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
08 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
wasmi-labs · wasmi