{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28123", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.060Z", "datePublished": "2024-03-08T21:29:53.555Z", "dateUpdated": "2024-08-05T18:14:48.975Z"}, "containers": {"cna": {"title": "Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq"}, {"name": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f", "tags": ["x_refsource_MISC"], "url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f"}, {"name": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1"}], "affected": [{"vendor": "wasmi-labs", "product": "wasmi", "versions": [{"version": ">= 0.15.0, <= 0.31.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-08T21:29:53.555Z"}, "descriptions": [{"lang": "en", "value": "Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn\u2019t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.\n"}], "source": {"advisory": "GHSA-75jp-vq8x-h4cq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.456Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq"}, {"name": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f"}, {"name": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1"}]}, {"affected": [{"vendor": "wasmi-labs", "product": "wasmi", "cpes": ["cpe:2.3:a:wasmi-labs:wasmi:0.15.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.15.0", "status": "affected", "lessThanOrEqual": "0.31.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T18:07:36.528954Z", "id": "CVE-2024-28123", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T18:14:48.975Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq", "name": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f", "name": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1", "name": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.456Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T18:07:36.528954Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wasmi-labs:wasmi:0.15.0:*:*:*:*:*:*:*"], "vendor": "wasmi-labs", "product": "wasmi", "versions": [{"status": "affected", "version": "0.15.0", "versionType": "custom", "lessThanOrEqual": "0.31.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T18:14:38.592Z"}}], "cna": {"title": "Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters", "source": {"advisory": "GHSA-75jp-vq8x-h4cq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "wasmi-labs", "product": "wasmi", "versions": [{"status": "affected", "version": ">= 0.15.0, <= 0.31.0"}]}], "references": [{"url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq", "name": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f", "name": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1", "name": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn\u2019t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-08T21:29:53.555Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28123", "state": "PUBLISHED", "dateUpdated": "2024-08-05T18:14:48.975Z", "dateReserved": "2024-03-04T14:19:14.060Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-08T21:29:53.555Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wasmi-labs:wasmi:*:*:*:*:*:rust:*:*", "matchCriteriaId": "DAB41919-ADBF-4CC4-B289-F15B7F68460C", "versionEndExcluding": "0.31.1", "versionStartIncluding": "0.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn\u2019t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.\n"}, {"lang": "es", "value": "Wasmi es un int\u00e9rprete de WebAssembly eficiente y liviano centrado en sistemas integrados y restringidos. En el int\u00e9rprete WASMI, surgir\u00e1 una escritura de b\u00fafer fuera de los l\u00edmites si el host llama o reanuda una funci\u00f3n Wasm con m\u00e1s par\u00e1metros que el l\u00edmite predeterminado (128), ya que superar\u00e1 el valor de la pila. Esto no afecta las llamadas de Wasm a Wasm, solo del host a Wasm. Esta vulnerabilidad fue parcheada en la versi\u00f3n 0.31.1."}], "id": "CVE-2024-28123", "lastModified": "2025-06-02T14:06:34.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-21T02:52:23.827", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}