Login Sign Up

CVE-2024-27532

7.5 HIGH
Denial of Service

📋 TL;DR

A NULL pointer dereference vulnerability in wasm-micro-runtime's block_type_get_result_types function allows attackers to cause denial of service or potentially execute arbitrary code. This affects systems running vulnerable versions of WAMR that process untrusted WebAssembly modules. The vulnerability is triggered when parsing malicious WebAssembly binaries.

💻 Affected Systems

Products:
  • wasm-micro-runtime (WAMR)
Versions: Commit 06df58f and potentially earlier versions
Operating Systems: All platforms running WAMR
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using WAMR to execute WebAssembly modules is potentially vulnerable if processing untrusted input.

📦 What is this software?

Webassembly Micro Runtime by Bytecodealliance

View all CVEs affecting Webassembly Micro Runtime →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise if combined with other vulnerabilities or memory corruption techniques.

🟠

Likely Case

Application crash and denial of service when processing malicious WebAssembly modules.

🟢

If Mitigated

Limited impact with proper sandboxing and input validation in place.

🌐 Internet-Facing: MEDIUM - Exploitable if WAMR processes untrusted WebAssembly from external sources.
🏢 Internal Only: LOW - Requires processing of malicious WebAssembly binaries, which is less likely in internal-only deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub issue. Exploitation requires ability to submit malicious WebAssembly binaries to the runtime.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest WAMR releases after commit 06df58f

Vendor Advisory: https://github.com/bytecodealliance/wasm-micro-runtime/issues/3130

Restart Required: Yes

Instructions:

1. Update to latest WAMR version. 2. Rebuild applications using WAMR. 3. Restart affected services.

🔧 Temporary Workarounds

Input Validation

all

Validate all WebAssembly binaries before processing with WAMR

Sandbox Execution

linux

Run WAMR in isolated containers or sandboxes to limit impact

docker run --security-opt=no-new-privileges -it wamr-container

🧯 If You Can't Patch

  • Implement strict input validation for all WebAssembly binaries
  • Isolate WAMR execution in containers with limited privileges

🔍 How to Verify

Check if Vulnerable:

Check if WAMR version includes commit 06df58f or earlier. Test with proof-of-concept WebAssembly module from GitHub issue.

Check Version:

Check WAMR source code or build information for commit hash

Verify Fix Applied:

Verify WAMR version is updated beyond vulnerable commit. Test with same proof-of-concept module to confirm no crash.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Segmentation faults in WAMR processes
  • Unexpected termination of WebAssembly runtime

Network Indicators:

  • Unusual WebAssembly binary uploads
  • Repeated failed WebAssembly execution attempts

SIEM Query:

process_name:"wamr" AND (event_type:"crash" OR exit_code:139)

📊 Metadata

CVE ID: CVE-2024-27532
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: November 8, 2024
Last Updated: September 29, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27532, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)
CVE-2023-47003 9.8

A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or...

Same vulnerability type (CWE-476)