| Title | WebAssembly Community Binaryen main branch commit 3ef8d19 (v117 development version, vulnerable version before fix commit 1251efb) Fixed version: commit 1251ef Assertion Failure, Denial of Service (Local DoS) |
|---|
| Description | Binaryen is an open-source WebAssembly compiler optimization toolchain maintained by the WebAssembly Community.
A local denial-of-service vulnerability exists in the BrOn instruction parsing module of the wasm-ctor-eval utility.
During BrOn instruction parsing, the program fails to validate whether the `ref` and `desc` operands are legal reference types. Maliciously crafted Wasm bytecode with non-reference types flows into the subsequent finalize() logic and triggers the `isRef()` assertion in Type::getHeapType() at src/wasm-type.h line 407. The wasm-ctor-eval process immediately crashes and exits abnormally, causing a denial of service.
Crash detail:
wasm-ctor-eval: /home/new-cases/binaryen/latestest-04.21/binaryen-main/src/wasm-type.h:407: wasm::HeapType wasm::Type::getHeapType() const: Assertion `isRef()' failed.
[1] 1774067 IOT instruction
Original reported issue: https://github.com/WebAssembly/binaryen/issues/8633
Official fix pull request: https://github.com/WebAssembly/binaryen/pull/8635
Fix commit: 1251efb
Official fix summary: Avoid assertion failure by adding reference type validation in BrOn parsing stage. |
|---|
| Source | https://github.com/WebAssembly/binaryen/issues/8633, https://github.com/WebAssembly/binaryen/pull/8635 |
|---|
| User | pwn3rd (UID 97480) |
|---|
| Submitted | 22/04/2026 02:18 (1 month ago) |
|---|
| Moderation | 10/05/2026 16:57 (19 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 362554 [WebAssembly Binaryen up to 117 BrOn Parser wasm-ir-builder.cpp IRBuilder::makeBrOn denial of service] |
|---|
| Points | 20 |
|---|