CVE-2023-52284

Source
https://cve.org/CVERecord?id=CVE-2023-52284
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52284.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52284
Downstream
Published
2023-12-31T00:00:00Z
Modified
2026-07-08T06:26:35.966009540Z
Summary
[none]
Details

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because pushpopframerefoffset is mishandled.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52284.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/bytecodealliance/wasm-micro-runtime

Affected ranges

Type
GIT
Repo
https://github.com/bytecodealliance/wasm-micro-runtime
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "DESCRIPTION",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.0"
        }
    ]
}

Affected versions

Other
01-12-2020
WAMR-01-18-2022
WAMR-01-29-2021
WAMR-02-18-2020
WAMR-02-27-2020
WAMR-03-05-2020
WAMR-03-19-2020
WAMR-03-25-2021
WAMR-03-30-2020
WAMR-04-15-2020
WAMR-04-15-2021
WAMR-05-18-2022
WAMR-06-15-2020
WAMR-07-10-2020
WAMR-08-10-2021
WAMR-09-08-2020
WAMR-09-29-2020
WAMR-12-30-2021
tag-11-28-2019
WAMR-1.*
WAMR-1.0.0
WAMR-1.1.0
WAMR-1.1.1
WAMR-1.1.2
WAMR-1.2.0
WAMR-1.2.1
WAMR-1.2.2
WAMR-1.2.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52284.json"