5.5

CVE-2025-14957

Exploit

WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WebassemblyBinaryen Version <= 125
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.076
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 1.9 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 1.7 3.1 2.9
AV:L/AC:L/Au:S/C:N/I:N/A:P
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/WebAssembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4
Patch
https://github.com/WebAssembly/binaryen/issues/8090
Third Party Advisory
Exploit
Issue Tracking
https://github.com/WebAssembly/binaryen/pull/8099
Issue Tracking
https://github.com/oneafter/1204/blob/main/af1
Not Applicable
https://vuldb.com/?ctiid.337593
VDB Entry
Permissions Required
https://vuldb.com/?id.337593
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.717317
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.717319
Third Party Advisory
VDB Entry
https://github.com/WebAssembly/binaryen/