Vulnerabilites related to WebAssembly - wabt
Vulnerability from fkie_nvd
Published
2023-03-10 02:15
Modified
2025-02-28 22:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/WebAssembly/wabt/issues/1990 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/WebAssembly/wabt/issues/1990 | Exploit, Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webassembly | wabt | 1.0.29 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webassembly:wabt:1.0.29:*:*:*:*:*:*:*", matchCriteriaId: "C524E018-FAA2-4A8D-B861-6ACE6A675FEC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.", }, ], id: "CVE-2023-27119", lastModified: "2025-02-28T22:15:38.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-10T02:15:58.600", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/WebAssembly/wabt/issues/1990", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/WebAssembly/wabt/issues/1990", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-21 08:15
Modified
2025-03-24 14:02
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/WebAssembly/wabt/issues/2557 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/WebAssembly/wabt/issues/2557#issue-2900405517 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.300544 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.300544 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.515406 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webassembly | wabt | 1.0.36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webassembly:wabt:1.0.36:*:*:*:*:*:*:*", matchCriteriaId: "06135620-B0C1-480E-84EA-C8AABC2D9D68", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", }, { lang: "es", value: "Se encontró una vulnerabilidad en WebAssembly wabt 1.0.36. Se ha declarado crítica. Esta vulnerabilidad afecta a la función BinaryReaderInterp::GetReturnCallDropKeepCount del archivo wabt/src/interp/binary-reader-interp.cc. La manipulación provoca un desbordamiento del búfer basado en el montón. El ataque puede iniciarse remotamente. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado.", }, ], id: "CVE-2025-2584", lastModified: "2025-03-24T14:02:56.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 2.3, baseSeverity: "LOW", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "PASSIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2025-03-21T08:15:11.273", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2557", }, { source: "cna@vuldb.com", tags: [ "Exploit", "Issue Tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2557#issue-2900405517", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.300544", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.300544", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.515406", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, { lang: "en", value: "CWE-122", }, ], source: "cna@vuldb.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-28 21:15
Modified
2024-11-21 07:26
Severity ?
Summary
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/WebAssembly/wabt/issues/1982 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/WebAssembly/wabt/issues/1982 | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webassembly | wabt | 1.0.29 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webassembly:wabt:1.0.29:*:*:*:*:*:*:*", matchCriteriaId: "C524E018-FAA2-4A8D-B861-6ACE6A675FEC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.", }, { lang: "es", value: "Se descubrió que wasm-interp v1.0.29 contenía una lectura fuera de límites a través del componente OnReturnCallExpr->GetReturnCallDropKeepCount.\n", }, ], id: "CVE-2022-43280", lastModified: "2024-11-21T07:26:11.593", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-28T21:15:09.807", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/WebAssembly/wabt/issues/1982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/WebAssembly/wabt/issues/1982", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-28 21:15
Modified
2024-11-21 07:26
Severity ?
Summary
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/WebAssembly/wabt/issues/1983 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/WebAssembly/wabt/issues/1983 | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webassembly | wabt | 1.0.29 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webassembly:wabt:1.0.29:*:*:*:*:*:*:*", matchCriteriaId: "C524E018-FAA2-4A8D-B861-6ACE6A675FEC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.", }, { lang: "es", value: "Se descubrió que wasm-interp v1.0.29 contenía una lectura fuera de límites a través del componente OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.", }, ], id: "CVE-2022-43282", lastModified: "2024-11-21T07:26:11.930", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-28T21:15:09.940", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/WebAssembly/wabt/issues/1983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/WebAssembly/wabt/issues/1983", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-28 21:15
Modified
2024-11-21 07:26
Severity ?
Summary
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/WebAssembly/wabt/issues/1985 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/WebAssembly/wabt/issues/1985 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webassembly | wabt | 1.0.29 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:webassembly:wabt:1.0.29:*:*:*:*:*:*:*", matchCriteriaId: "C524E018-FAA2-4A8D-B861-6ACE6A675FEC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.", }, { lang: "es", value: "Se descubrió que wasm2c v1.0.29 contenía una interrupción en CWriter::Write.", }, ], id: "CVE-2022-43283", lastModified: "2024-11-21T07:26:12.080", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-28T21:15:10.007", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/WebAssembly/wabt/issues/1985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/WebAssembly/wabt/issues/1985", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2025-2368 (GCVE-0-2025-2368)
Vulnerability from cvelistv5
Published
2025-03-17 08:00
Modified
2025-03-17 16:25
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.299867 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.299867 | signature, permissions-required | |
| https://vuldb.com/?submit.515327 | third-party-advisory | |
| https://github.com/WebAssembly/wabt/issues/2556 | issue-tracking | |
| https://github.com/WebAssembly/wabt/issues/2537 | issue-tracking | |
| https://github.com/WebAssembly/wabt/issues/2556#issue-2899598349 | exploit, issue-tracking | |
| https://github.com/WebAssembly/wabt/pull/2541 | issue-tracking, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WebAssembly | wabt |
Version: 1.0.36 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-2368", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-17T16:24:32.904421Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-17T16:25:00.678Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { modules: [ "Malformed File Handler", ], product: "wabt", vendor: "WebAssembly", versions: [ { status: "affected", version: "1.0.36", }, ], }, ], credits: [ { lang: "en", type: "tool", value: "VulDB GitHub Analyzer", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", }, { lang: "de", value: "Eine kritische Schwachstelle wurde in WebAssembly wabt 1.0.36 gefunden. Dies betrifft die Funktion wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport der Datei wabt/src/interp/binary-reader-interp.cc der Komponente Malformed File Handler. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 7.5, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-119", description: "Memory Corruption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T08:00:05.922Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-299867 | WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.299867", }, { name: "VDB-299867 | CTI Indicators (IOB, IOC, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.299867", }, { name: "Submit #515327 | https://github.com/WebAssembly/wabt wabt v1.0.36 Heap-based Buffer Overflow", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.515327", }, { tags: [ "issue-tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2556", }, { tags: [ "issue-tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2537", }, { tags: [ "exploit", "issue-tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2556#issue-2899598349", }, { tags: [ "issue-tracking", "patch", ], url: "https://github.com/WebAssembly/wabt/pull/2541", }, ], timeline: [ { lang: "en", time: "2025-03-16T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2025-03-16T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2025-03-16T13:54:25.000Z", value: "VulDB entry last update", }, ], title: "WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2025-2368", datePublished: "2025-03-17T08:00:05.922Z", dateReserved: "2025-03-16T12:47:32.747Z", dateUpdated: "2025-03-17T16:25:00.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43282 (GCVE-0-2022-43282)
Vulnerability from cvelistv5
Published
2022-10-28 00:00
Modified
2024-08-03 13:26
Severity ?
EPSS score ?
Summary
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:26:02.878Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/WebAssembly/wabt/issues/1983", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-28T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/WebAssembly/wabt/issues/1983", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-43282", datePublished: "2022-10-28T00:00:00", dateReserved: "2022-10-17T00:00:00", dateUpdated: "2024-08-03T13:26:02.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-27119 (GCVE-0-2023-27119)
Vulnerability from cvelistv5
Published
2023-03-10 00:00
Modified
2025-02-28 21:38
Severity ?
EPSS score ?
Summary
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:01:32.511Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/WebAssembly/wabt/issues/1990", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27119", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T21:37:01.909046Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T21:38:19.531Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-10T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/WebAssembly/wabt/issues/1990", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-27119", datePublished: "2023-03-10T00:00:00.000Z", dateReserved: "2023-02-27T00:00:00.000Z", dateUpdated: "2025-02-28T21:38:19.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43283 (GCVE-0-2022-43283)
Vulnerability from cvelistv5
Published
2022-10-28 00:00
Modified
2024-08-03 13:26
Severity ?
EPSS score ?
Summary
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:26:02.917Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/WebAssembly/wabt/issues/1985", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-28T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/WebAssembly/wabt/issues/1985", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-43283", datePublished: "2022-10-28T00:00:00", dateReserved: "2022-10-17T00:00:00", dateUpdated: "2024-08-03T13:26:02.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2025-2584 (GCVE-0-2025-2584)
Vulnerability from cvelistv5
Published
2025-03-21 07:31
Modified
2025-03-21 12:29
Severity ?
2.3 (Low) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.300544 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.300544 | signature, permissions-required | |
| https://vuldb.com/?submit.515406 | third-party-advisory | |
| https://github.com/WebAssembly/wabt/issues/2557 | issue-tracking | |
| https://github.com/WebAssembly/wabt/issues/2557#issue-2900405517 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WebAssembly | wabt |
Version: 1.0.36 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-2584", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-21T12:29:43.060139Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-21T12:29:54.383Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "wabt", vendor: "WebAssembly", versions: [ { status: "affected", version: "1.0.36", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "In WebAssembly wabt 1.0.36 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion BinaryReaderInterp::GetReturnCallDropKeepCount der Datei wabt/src/interp/binary-reader-interp.cc. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 5.1, vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-119", description: "Memory Corruption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-21T07:31:03.732Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-300544 | WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.300544", }, { name: "VDB-300544 | CTI Indicators (IOB, IOC, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.300544", }, { name: "Submit #515406 | https://github.com/WebAssembly/wabt wabt v1.0.36 Heap-based Buffer Overflow", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.515406", }, { tags: [ "issue-tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2557", }, { tags: [ "exploit", "issue-tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2557#issue-2900405517", }, ], timeline: [ { lang: "en", time: "2025-03-20T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2025-03-21T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2025-03-21T00:06:44.000Z", value: "VulDB entry last update", }, ], title: "WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2025-2584", datePublished: "2025-03-21T07:31:03.732Z", dateReserved: "2025-03-20T23:01:41.046Z", dateUpdated: "2025-03-21T12:29:54.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2025-3122 (GCVE-0-2025-3122)
Vulnerability from cvelistv5
Published
2025-04-02 22:00
Modified
2025-04-03 19:18
Severity ?
2.3 (Low) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS score ?
Summary
A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.303013 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.303013 | signature, permissions-required | |
| https://vuldb.com/?submit.525091 | third-party-advisory | |
| https://github.com/WebAssembly/wabt/issues/2565 | issue-tracking | |
| https://github.com/WebAssembly/wabt/issues/2565#issue-2927572319 | exploit, issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WebAssembly | wabt |
Version: 1.0.36 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-3122", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-03T19:17:51.412037Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-03T19:18:20.492Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "wabt", vendor: "WebAssembly", versions: [ { status: "affected", version: "1.0.36", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "In WebAssembly wabt 1.0.36 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion BinaryReaderInterp::BeginFunctionBody der Datei src/interp/binary-reader-interp.cc. Durch das Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 2.3, baseSeverity: "LOW", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 2.6, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-404", description: "Denial of Service", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T22:00:14.705Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-303013 | WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.303013", }, { name: "VDB-303013 | CTI Indicators (IOB, IOC, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.303013", }, { name: "Submit #525091 | https://github.com/WebAssembly/wabt wabt 1.0.36 NULL Pointer Dereference", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.525091", }, { tags: [ "issue-tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2565", }, { tags: [ "exploit", "issue-tracking", ], url: "https://github.com/WebAssembly/wabt/issues/2565#issue-2927572319", }, ], timeline: [ { lang: "en", time: "2025-04-02T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2025-04-02T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2025-04-02T15:42:39.000Z", value: "VulDB entry last update", }, ], title: "WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2025-3122", datePublished: "2025-04-02T22:00:14.705Z", dateReserved: "2025-04-02T13:37:36.642Z", dateUpdated: "2025-04-03T19:18:20.492Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43280 (GCVE-0-2022-43280)
Vulnerability from cvelistv5
Published
2022-10-28 00:00
Modified
2024-08-03 13:26
Severity ?
EPSS score ?
Summary
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:26:02.847Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/WebAssembly/wabt/issues/1982", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-28T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/WebAssembly/wabt/issues/1982", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-43280", datePublished: "2022-10-28T00:00:00", dateReserved: "2022-10-17T00:00:00", dateUpdated: "2024-08-03T13:26:02.847Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }