CVE-2023-52284
https://notcve.org/view.php?id=CVE-2023-52284
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. Bytecode Alliance wasm-micro-runtime (también conocido como WebAssembly Micro Runtime o WAMR) anterior a 1.3.0 puede tener un error de "double free or corruption" para un módulo WebAssembly válido porque push_pop_frame_ref_offset no se maneja correctamente. • https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0 https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586 https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590 • CWE-415: Double Free •
CVE-2023-48105
https://notcve.org/view.php?id=CVE-2023-48105
An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. Se descubrió una vulnerabilidad de desbordamiento del heap en Bytecode alliance wasm-micro-runtime v.1.2.3 que permite a un atacante remoto provocar una denegación de servicio a través de la función wasm_loader_prepare_bytecode en core/iwasm/interpreter/wasm_loader.c. • http://bytecode.com http://wasm-micro-runtime.com https://github.com/bytecodealliance/wasm-micro-runtime/issues/2726 https://github.com/bytecodealliance/wasm-micro-runtime/pull/2734/commits/4785d91b16dd49c09a96835de2d9c7b077543fa4 • CWE-787: Out-of-bounds Write •