CVE-2023-48105: Out-of-bounds Write

November 22, 2023 (updated November 30, 2023)

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

References

bytecode.com/
wasm-micro-runtime.com/
github.com/bytecodealliance/wasm-micro-runtime/issues/2726
github.com/bytecodealliance/wasm-micro-runtime/pull/2734/commits/4785d91b16dd49c09a96835de2d9c7b077543fa4
nvd.nist.gov/vuln/detail/CVE-2023-48105

Detect and mitigate CVE-2023-48105 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →