Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46055: A abort failure in wasm::Builder::makeFunction · Issue #4413 · WebAssembly/binaryen

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

CVE
Open in Source
#vulnerability#web#ios#linux#dos

Version:

command:

POC8.zip

Result

bt

Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x7ffff4416040 (0x00007ffff4416040)
RCX: 0x7ffff446018b (<__GI_raise+203>:  mov    rax,QWORD PTR [rsp+0x108])
RDX: 0x0 
RSI: 0x7fffffffb890 --> 0x0 
RDI: 0x2 
RBP: 0x7ffff45d5588 ("%s%s%s:%u: %s%sAssertion `%s' failed.\n%n")
RSP: 0x7fffffffb890 --> 0x0 
RIP: 0x7ffff446018b (<__GI_raise+203>:  mov    rax,QWORD PTR [rsp+0x108])
R8 : 0x0 
R9 : 0x7fffffffb890 --> 0x0 
R10: 0x8 
R11: 0x246 
R12: 0x7ffff799dc40 ("/home/zxq/CVE_testing/project/binaryen/src/wasm-builder.h")
R13: 0x31 ('1')
R14: 0x7ffff799dc00 ("type.isSignature()")
R15: 0xfffff700 --> 0x0
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff446017f <__GI_raise+191>: mov    edi,0x2
   0x7ffff4460184 <__GI_raise+196>: mov    eax,0xe
   0x7ffff4460189 <__GI_raise+201>: syscall 
=> 0x7ffff446018b <__GI_raise+203>: mov    rax,QWORD PTR [rsp+0x108]
   0x7ffff4460193 <__GI_raise+211>: xor    rax,QWORD PTR fs:0x28
   0x7ffff446019c <__GI_raise+220>: jne    0x7ffff44601c4 <__GI_raise+260>
   0x7ffff446019e <__GI_raise+222>: mov    eax,r8d
   0x7ffff44601a1 <__GI_raise+225>: add    rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffb890 --> 0x0 
0008| 0x7fffffffb898 --> 0x49bba0 (<free>:  push   rbp)
0016| 0x7fffffffb8a0 --> 0x7ffffbad8000 
0024| 0x7fffffffb8a8 --> 0x6120000001c0 --> 0x7369642d69000001 
0032| 0x7fffffffb8b0 --> 0x612000000225 ("on> wasm::Builder::makeFunction(wasm::Name, wasm::HeapType, std::vector<Type> &&, wasm::Expression *): Assertion `type.isSignature()' failed.\n")
0040| 0x7fffffffb8b8 --> 0x6120000001c0 --> 0x7369642d69000001 
0048| 0x7fffffffb8c0 --> 0x6120000001c0 --> 0x7369642d69000001 
0056| 0x7fffffffb8c8 --> 0x6120000002b3 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff443f859 in __GI_abort () at abort.c:79
#2  0x00007ffff443f729 in __assert_fail_base (fmt=0x7ffff45d5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7ffff799dc00 <str> "type.isSignature()", 
    file=0x7ffff799dc40 <str> "/home/zxq/CVE_testing/project/binaryen/src/wasm-builder.h", line=0x31, function=<optimized out>) at assert.c:92
#3  0x00007ffff4450f36 in __GI___assert_fail (assertion=0x7ffff799dc00 <str> "type.isSignature()", file=0x7ffff799dc40 <str> "/home/zxq/CVE_testing/project/binaryen/src/wasm-builder.h", line=0x31, 
    function=0x7ffff799dca0 <__PRETTY_FUNCTION__._ZN4wasm7Builder12makeFunctionENS_4NameENS_8HeapTypeEOSt6vectorINS_4TypeESaIS4_EEPNS_10ExpressionE> "static std::unique_ptr<Function> wasm::Builder::makeFunction(wasm::Name, wasm::HeapType, std::vector<Type> &&, wasm::Expression *)") at assert.c:101
#4  0x00007ffff51417c4 in wasm::Builder::makeFunction (name=..., type=..., vars=..., body=<optimized out>) at /home/zxq/CVE_testing/project/binaryen/src/wasm-builder.h:49
#5  0x00007ffff6ea172f in wasm::WasmBinaryBuilder::readImports (this=<optimized out>) at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-binary.cpp:2059
#6  0x00007ffff6e9967e in wasm::WasmBinaryBuilder::read (this=0x7fffffffcce0) at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-binary.cpp:1417
#7  0x00007ffff7046785 in wasm::ModuleReader::readBinaryData (this=<optimized out>, input=..., wasm=..., sourceMapFilename=<incomplete type>) at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-io.cpp:63
#8  0x00007ffff7046f76 in wasm::ModuleReader::readBinary (this=<optimized out>, filename=<incomplete type>, wasm=..., sourceMapFilename=<incomplete type>)
    at /home/zxq/CVE_testing/project/binaryen/src/wasm/wasm-io.cpp:74
#9  0x00000000004cf7ca in main (argc=<optimized out>, argv=<optimized out>) at /home/zxq/CVE_testing/project/binaryen/src/tools/wasm-dis.cpp:65
#10 0x00007ffff44410b3 in __libc_start_main (main=0x4cdef0 <main(int, char const**)>, argc=0x2, argv=0x7fffffffe348, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fffffffe338) at ../csu/libc-start.c:308
#11 0x000000000042375e in _start () at /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/iostream:74

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE