Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46054: A abort failure in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*) · Issue #4410 · WebAssembly/binaryen

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

CVE
Open in Source
#vulnerability#web#linux#dos

Version:

command:

./bin/wasm-ctor-eval POC5

POC5.zip

Result

bt

Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x7ffff6d47fc0 (0x00007ffff6d47fc0)
RCX: 0x7ffff6ee118b (<__GI_raise+203>:  mov    rax,QWORD PTR [rsp+0x108])
RDX: 0x0 
RSI: 0x7fffffffcbe0 --> 0x0 
RDI: 0x2 
RBP: 0x7ffff7056588 ("%s%s%s:%u: %s%sAssertion `%s' failed.\n%n")
RSP: 0x7fffffffcbe0 --> 0x0 
RIP: 0x7ffff6ee118b (<__GI_raise+203>:  mov    rax,QWORD PTR [rsp+0x108])
R8 : 0x0 
R9 : 0x7fffffffcbe0 --> 0x0 
R10: 0x8 
R11: 0x246 
R12: 0x7ffff7e4e3d8 ("/home/zxq/CVE_testing/source/binaryen/src/wasm/wasm-binary.cpp")
R13: 0x1964 
R14: 0x7ffff7e4f588 ("curr->target != DELEGATE_CALLER_TARGET")
R15: 0x5555555f7030 --> 0x30246c6562616c ('label$0')
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff6ee117f <__GI_raise+191>: mov    edi,0x2
   0x7ffff6ee1184 <__GI_raise+196>: mov    eax,0xe
   0x7ffff6ee1189 <__GI_raise+201>: syscall 
=> 0x7ffff6ee118b <__GI_raise+203>: mov    rax,QWORD PTR [rsp+0x108]
   0x7ffff6ee1193 <__GI_raise+211>: xor    rax,QWORD PTR fs:0x28
   0x7ffff6ee119c <__GI_raise+220>: jne    0x7ffff6ee11c4 <__GI_raise+260>
   0x7ffff6ee119e <__GI_raise+222>: mov    eax,r8d
   0x7ffff6ee11a1 <__GI_raise+225>: add    rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffcbe0 --> 0x0 
0008| 0x7fffffffcbe8 --> 0x7ffff6f38850 (<__GI___libc_free>:    endbr64)
0016| 0x7fffffffcbf0 --> 0x7ffffbad8000 
0024| 0x7fffffffcbf8 --> 0x5555555e7920 --> 0x0 
0032| 0x7fffffffcc00 --> 0x5555555e7985 ("inaryBuilder::visitRethrow(wasm::Rethrow*): Assertion `curr->target != DELEGATE_CALLER_TARGET' failed.\n")
0040| 0x7fffffffcc08 --> 0x5555555e7920 --> 0x0 
0048| 0x7fffffffcc10 --> 0x5555555e7920 --> 0x0 
0056| 0x7fffffffcc18 --> 0x5555555e79ec --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ 
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff6ec0859 in __GI_abort () at abort.c:79
#2  0x00007ffff6ec0729 in __assert_fail_base (fmt=0x7ffff7056588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7ffff7e4f588 "curr->target != DELEGATE_CALLER_TARGET", 
    file=0x7ffff7e4e3d8 "/home/zxq/CVE_testing/source/binaryen/src/wasm/wasm-binary.cpp", line=0x1964, function=<optimized out>) at assert.c:92
#3  0x00007ffff6ed1f36 in __GI___assert_fail (assertion=0x7ffff7e4f588 "curr->target != DELEGATE_CALLER_TARGET", file=0x7ffff7e4e3d8 "/home/zxq/CVE_testing/source/binaryen/src/wasm/wasm-binary.cpp", 
    line=0x1964, function=0x7ffff7e4f548 "void wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*)") at assert.c:101
#4  0x00007ffff7c09ca1 in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*) () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#5  0x00007ffff7c0b48c in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#6  0x00007ffff7c0c17e in wasm::WasmBinaryBuilder::processExpressions() () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#7  0x00007ffff7c0ff90 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#8  0x00007ffff7c109bb in wasm::WasmBinaryBuilder::readFunctions() () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#9  0x00007ffff7c11f52 in wasm::WasmBinaryBuilder::read() () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#10 0x00007ffff7c3dec6 in wasm::ModuleReader::readBinaryData(std::vector<char, std::allocator<char> >&, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ()
   from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#11 0x00007ffff7c3e6cc in wasm::ModuleReader::readBinary(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#12 0x00007ffff7c3eda1 in wasm::ModuleReader::read(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) () from /home/zxq/CVE_testing/source/binaryen/build/bin/../lib/libbinaryen.so
#13 0x000055555556943e in main ()
#14 0x00007ffff6ec20b3 in __libc_start_main (main=0x5555555688c0 <main>, argc=0x2, argv=0x7fffffffe338, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe328)
    at ../csu/libc-start.c:308
#15 0x0000555555569e5e in _start ()

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE