wabt icon indicating copy to clipboard operation
wabt copied to clipboard
verified publisher icon WebAssembly

wasm-decompile: Assertion `exp_stack.size() >= nagrs' failure cause DoS

Open goldds96 opened this issue 2 years ago • 0 comments

Environments

OS : Ubuntu 18.04 5.4.0-150-generic Commit : e97d53c5fcbb604fc36432df4fc117d13558d7fd Version : 1.0.34

Vulnerability Description

Affected Tool : wasm-decompile Affected Version : <= 1.0.34 Impact : Denial of Service

  • The assertion 'exp_stack.size() >= nargs' fail in /include/wabt/decompiler-ast.h in wabt 1.0.34 can cause a denial of service(assertion failure) via a crafted wasm file.

PoC

1. Input File

wasm-decompile-DOS-poc02.zip

2. Reproduce

$ ~/wabt/bin/wasm-decompile wasm-decompile-DOS-poc02

3. Stack Trace

$ ~/wabt/bin/wasm-decompile wasm-decompile-DOS-poc02
wasm-decompile: ../../../../include/wabt/decompiler-ast.h:98: wabt::Node &wabt::AST::InsertNode(wabt::NodeType, wabt::ExprType, const wabt::Expr *, wabt::Index): Assertion `exp_stack.size() >= nargs' failed.
Aborted

goldds96 avatar Oct 29 '23 14:10 goldds96