本ページは webassembly binaryen に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-8257 | A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue. | [email protected] | 1.9 | 0.16% | 2026-05-10 | 2026-06-17 |
| CVE-2025-14957 | A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is ad | [email protected] | 1.9 | 0.18% | 2025-12-19 | 2026-06-17 |
| CVE-2025-14956 | A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue. | [email protected] | 1.9 | 0.18% | 2025-12-19 | 2026-06-17 |
| CVE-2020-18382 | Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. | [email protected] | 6.5 | 0.53% | 2023-08-22 | 2026-06-16 |
| CVE-2020-18378 | A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | [email protected] | 6.5 | 0.53% | 2023-08-22 | 2026-06-16 |
| CVE-2021-46055 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46054 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46053 | A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46052 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46050 | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | [email protected] | 5.5 | 0.68% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46048 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-45293 | A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. | [email protected] | 5.5 | 0.78% | 2021-12-21 | 2026-06-17 |
| CVE-2021-45290 | A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | [email protected] | 7.5 | 1.47% | 2021-12-21 | 2026-06-17 |
| CVE-2019-15759 | An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | [email protected] | 6.5 | 1.25% | 2019-08-28 | 2026-06-16 |
| CVE-2019-15758 | An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. | [email protected] | 6.5 | 1.24% | 2019-08-28 | 2026-06-16 |
| CVE-2019-7704 | wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | [email protected] | 6.5 | 1.16% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7703 | In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge. | [email protected] | 6.5 | 1.46% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7702 | A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | [email protected] | 6.5 | 1.15% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7701 | A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. | [email protected] | 6.5 | 1.15% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7700 | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. | [email protected] | 6.5 | 1.15% | 2019-02-10 | 2026-06-16 |