CVE-2024-28123: Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

March 7, 2024

In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm.

References

github.com/advisories/GHSA-75jp-vq8x-h4cq
github.com/wasmi-labs/wasmi
github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f
github.com/wasmi-labs/wasmi/releases/tag/v0.31.1
github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq
nvd.nist.gov/vuln/detail/CVE-2024-28123

Detect and mitigate CVE-2024-28123 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →