CVE-2024-34251 — Vulnetix

CVE-2024-34251 PUBLISHED CVSS 7.5 HIGH

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h.

EPSS 0.52% · 67.4th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.52%

67.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
bytecodealliance	webassembly_micro_runtime	2.0.0
bytecodealliance	wasm_micro_runtime	2.0.0

Exploit Intelligence

https://github.com/bytecodealliance/wasm-micro-runtime/issues/3347 (nist-nvd)

Timeline

May 6, 2024 CVE Published
May 7, 2024 EPSS Score
May 31, 2024 EPSS Score
Jun 25, 2024 EPSS Score
Jul 20, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 13, 2024 EPSS Score
Sep 6, 2024 EPSS Score
Sep 30, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 24, 2024 EPSS Score
Nov 17, 2024 EPSS Score

References

https://github.com/bytecodealliance/wasm-micro-runtime/issues/3347 url
https://nvd.nist.gov/vuln/detail/CVE-2024-34251 advisory

Open in Interactive Console →