CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-52284
https://notcve.org/view.php?id=CVE-2023-52284
31 Dec 2023 — Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. Bytecode Alliance wasm-micro-runtime (también conocido como WebAssembly Micro Runtime o WAMR) anterior a 1.3.0 puede tener un error de "double free or corruption" para un módulo WebAssembly válido porque push_pop_frame_ref_offset no se maneja correctamente. • https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48105
https://notcve.org/view.php?id=CVE-2023-48105
22 Nov 2023 — An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. Se descubrió una vulnerabilidad de desbordamiento del heap en Bytecode alliance wasm-micro-runtime v.1.2.3 que permite a un atacante remoto provocar una denegación de servicio a través de la función wasm_loader_prepare_bytecode en core/iwasm/interpreter/wasm_loader.c. • http://bytecode.com • CWE-787: Out-of-bounds Write •