DescriptionA NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs920853

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
binaryen (PTS)buster68-1fixed
sid, trixie, bookworm108-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Same set of fixes as for
address the issue.

Search for package or bug name: Reporting problems