Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode
Vulnerability Description
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
WebAssembly Micro Runtime 缓冲区错误漏洞
Vulnerability Description
WebAssembly Micro Runtime(WAMR)是Bytecode Alliance开源的一种轻量级的独立 WebAssembly 运行时。具有占用空间小、高性能和高度可配置的功能,适用于从嵌入式、物联网、边缘到可信执行环境 (TEE)、智能合约、云原生等应用程序。 WebAssembly Micro Runtime 2.4.4之前版本存在缓冲区错误漏洞,该漏洞源于快速解释器模式下存在数组越界访问。
CVSS Information
N/A
Vulnerability Type
N/A