CVE-2024-28123 (GCVE-0-2024-28123)

Vulnerability from cvelistv5 – Published: 2024-03-08 21:29 – Updated: 2024-08-05 18:14
VLAI?
Title
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Summary
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.
Severity ?
7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
wasmi-labs wasmi Affected: >= 0.15.0, <= 0.31.0
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:48:49.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq"
          },
          {
            "name": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f"
          },
          {
            "name": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wasmi-labs:wasmi:0.15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wasmi",
            "vendor": "wasmi-labs",
            "versions": [
              {
                "lessThanOrEqual": "0.31.0",
                "status": "affected",
                "version": "0.15.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T18:07:36.528954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:14:48.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wasmi",
          "vendor": "wasmi-labs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.15.0, \u003c= 0.31.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn\u2019t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-08T21:29:53.555Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq"
        },
        {
          "name": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f"
        },
        {
          "name": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1"
        }
      ],
      "source": {
        "advisory": "GHSA-75jp-vq8x-h4cq",
        "discovery": "UNKNOWN"
      },
      "title": "Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-28123",
    "datePublished": "2024-03-08T21:29:53.555Z",
    "dateReserved": "2024-03-04T14:19:14.060Z",
    "dateUpdated": "2024-08-05T18:14:48.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn\\u2019t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.\\n\"}, {\"lang\": \"es\", \"value\": \"Wasmi es un int\\u00e9rprete de WebAssembly eficiente y liviano centrado en sistemas integrados y restringidos. En el int\\u00e9rprete WASMI, surgir\\u00e1 una escritura de b\\u00fafer fuera de los l\\u00edmites si el host llama o reanuda una funci\\u00f3n Wasm con m\\u00e1s par\\u00e1metros que el l\\u00edmite predeterminado (128), ya que superar\\u00e1 el valor de la pila. Esto no afecta las llamadas de Wasm a Wasm, solo del host a Wasm. Esta vulnerabilidad fue parcheada en la versi\\u00f3n 0.31.1.\"}]",
      "id": "CVE-2024-28123",
      "lastModified": "2024-11-21T09:05:51.980",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}]}",
      "published": "2024-03-21T02:52:23.827",
      "references": "[{\"url\": \"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-28123\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-21T02:52:23.827\",\"lastModified\":\"2025-06-02T14:06:34.380\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn\u2019t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.\\n\"},{\"lang\":\"es\",\"value\":\"Wasmi es un int\u00e9rprete de WebAssembly eficiente y liviano centrado en sistemas integrados y restringidos. En el int\u00e9rprete WASMI, surgir\u00e1 una escritura de b\u00fafer fuera de los l\u00edmites si el host llama o reanuda una funci\u00f3n Wasm con m\u00e1s par\u00e1metros que el l\u00edmite predeterminado (128), ya que superar\u00e1 el valor de la pila. Esto no afecta las llamadas de Wasm a Wasm, solo del host a Wasm. Esta vulnerabilidad fue parcheada en la versi\u00f3n 0.31.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wasmi-labs:wasmi:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"0.15.0\",\"versionEndExcluding\":\"0.31.1\",\"matchCriteriaId\":\"DAB41919-ADBF-4CC4-B289-F15B7F68460C\"}]}]}],\"references\":[{\"url\":\"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\", \"name\": \"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\", \"name\": \"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\", \"name\": \"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:48:49.456Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28123\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-05T18:07:36.528954Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:wasmi-labs:wasmi:0.15.0:*:*:*:*:*:*:*\"], \"vendor\": \"wasmi-labs\", \"product\": \"wasmi\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.15.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"0.31.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-05T18:14:38.592Z\"}}], \"cna\": {\"title\": \"Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters\", \"source\": {\"advisory\": \"GHSA-75jp-vq8x-h4cq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"wasmi-labs\", \"product\": \"wasmi\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.15.0, \u003c= 0.31.0\"}]}], \"references\": [{\"url\": \"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\", \"name\": \"https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\", \"name\": \"https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\", \"name\": \"https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn\\u2019t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-08T21:29:53.555Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-28123\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-05T18:14:48.975Z\", \"dateReserved\": \"2024-03-04T14:19:14.060Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-08T21:29:53.555Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.