CVE-2021-46048: An abort failure in wasm::WasmBinaryBuilder::readFunctions · Issue #4412 · WebAssembly/binaryen
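A denial-of-service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. The gdb session below shows the failed assertion, exceptionTargetNames.empty(), at src/wasm/wasm-binary.cpp line 2260, reached while wasm-opt reads a binary module.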
Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x7ffff4416040 (0x00007ffff4416040)
RCX: 0x7ffff446018b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
RDX: 0x0
RSI: 0x7fffffff9970 --> 0x0
RDI: 0x2
RBP: 0x7ffff45d5588 ("%s%s%s:%u: %s%sAssertion `%s' failed.\n%n")
RSP: 0x7fffffff9970 --> 0x0
RIP: 0x7ffff446018b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
R8 : 0x0
R9 : 0x7fffffff9970 --> 0x0
R10: 0x8
R11: 0x246
R12: 0x7ffff7b29060 ("/home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-binary.cpp")
R13: 0x8d4
R14: 0x7ffff7b2b8e0 ("exceptionTargetNames.empty()")
R15: 0x615000006200 --> 0x60300001aba0 --> 0x30246c6562616c ('label$0')
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x7ffff446017f <__GI_raise+191>: mov edi,0x2
0x7ffff4460184 <__GI_raise+196>: mov eax,0xe
0x7ffff4460189 <__GI_raise+201>: syscall
=> 0x7ffff446018b <__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108]
0x7ffff4460193 <__GI_raise+211>: xor rax,QWORD PTR fs:0x28
0x7ffff446019c <__GI_raise+220>: jne 0x7ffff44601c4 <__GI_raise+260>
0x7ffff446019e <__GI_raise+222>: mov eax,r8d
0x7ffff44601a1 <__GI_raise+225>: add rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff9970 --> 0x0
0008| 0x7fffffff9978 --> 0x4cb020 (<free>: push rbp)
0016| 0x7fffffff9980 --> 0xfbad8000 --> 0x0
0024| 0x7fffffff9988 --> 0x612000000340 --> 0x74706f2d63000001
0032| 0x7fffffff9990 --> 0x6120000003a5 ("Builder::readFunctions(): Assertion `exceptionTargetNames.empty()' failed.\n")
0040| 0x7fffffff9998 --> 0x612000000340 --> 0x74706f2d63000001
0048| 0x7fffffff99a0 --> 0x612000000340 --> 0x74706f2d63000001
0056| 0x7fffffff99a8 --> 0x6120000003f0 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff443f859 in __GI_abort () at abort.c:79
#2 0x00007ffff443f729 in __assert_fail_base (fmt=0x7ffff45d5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7ffff7b2b8e0 <str> "exceptionTargetNames.empty()",
file=0x7ffff7b29060 <str> "/home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-binary.cpp", line=0x8d4, function=<optimized out>) at assert.c:92
#3 0x00007ffff4450f36 in __GI___assert_fail (assertion=0x7ffff7b2b8e0 <str> "exceptionTargetNames.empty()", file=0x7ffff7b29060 <str> "/home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-binary.cpp",
line=0x8d4, function=0x7ffff7b2b840 <__PRETTY_FUNCTION__._ZN4wasm17WasmBinaryBuilder13readFunctionsEv> "void wasm::WasmBinaryBuilder::readFunctions()") at assert.c:101
#4 0x00007ffff6ea794d in wasm::WasmBinaryBuilder::readFunctions (this=<optimized out>) at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-binary.cpp:2260
#5 0x00007ffff6e988a2 in wasm::WasmBinaryBuilder::read (this=0x7fffffffa6e0) at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-binary.cpp:1426
#6 0x00007ffff7046785 in wasm::ModuleReader::readBinaryData (this=<optimized out>, input=..., wasm=..., sourceMapFilename=<incomplete type>) at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-io.cpp:63
#7 0x00007ffff7046f76 in wasm::ModuleReader::readBinary (this=<optimized out>, filename=<incomplete type>, wasm=..., sourceMapFilename=<incomplete type>)
at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-io.cpp:74
#8 0x00007ffff7047e1c in wasm::ModuleReader::read (this=<optimized out>, filename=<incomplete type>, wasm=..., sourceMapFilename=<incomplete type>)
at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-io.cpp:97
#9 0x00000000006ae0ff in main (argc=<optimized out>, argv=<optimized out>) at /home/zxq/CVE_testing/project/binaryen/src/tools/wasm-opt.cpp:249
#10 0x00007ffff44410b3 in __libc_start_main (main=0x6a6b70 <main(int, char const**)>, argc=0x2, argv=0x7fffffffe328, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffffe318) at ../csu/libc-start.c:308
#11 0x0000000000452bde in _start () at /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/iostream:74