wasm3 m3_exec.h op_CallIndirect memory corruption

A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has no active maintainer at the moment.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

内存缓冲区边界内操作的限制不恰当

Wasm3 缓冲区错误漏洞

Wasm3是Wasm3开源的一个快速的WebAssembly解释器和最通用的WASM运行时。 wasm3 0.5.0及之前版本存在缓冲区错误漏洞，该漏洞源于文件m3_exec.h中op_SetSlot_i32/op_CallIndirect函数存在内存损坏，可能导致本地攻击。

N/A

N/A