CVE-2024-35422

7.8 HIGH

📋 TL;DR

CVE-2024-35422 is a heap buffer overflow vulnerability in vmir's WebAssembly parser that allows attackers to execute arbitrary code or cause denial of service. This affects systems running vulnerable versions of vmir that process untrusted WebAssembly modules. The vulnerability is exploitable remotely if vmir is exposed to untrusted inputs.

💻 Affected Systems

Products:
  • vmir
Versions: Versions prior to the fix (specific version unknown from provided references)
Operating Systems: All platforms running vmir
Default Config Vulnerable: ⚠️ Yes
Notes: Any configuration that processes WebAssembly modules via the vulnerable wasm_call function is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Denial of service through application crashes or memory corruption, potentially leading to service disruption.

🟢 If Mitigated

Limited impact if proper input validation and memory protections are in place, though crashes may still occur.

🌐 Internet-Facing: HIGH if vmir processes untrusted WebAssembly from external sources.
🏢 Internal Only: MEDIUM if only internal users can trigger the vulnerability, but still poses risk to system stability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The GitHub issue includes technical details that could facilitate exploitation. Heap buffer overflows typically require some skill to weaponize reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check GitHub issue #23 for updates

Vendor Advisory: https://github.com/andoma/vmir/issues/23

Restart Required: Yes

Instructions:

1. Monitor GitHub issue #23 for patch release.
2. Update vmir to the patched version when available.
3. Restart any vmir processes or services.

🔧 Temporary Workarounds

Disable WebAssembly Processing

Platforms: all

Prevent vmir from processing WebAssembly modules if not required.

Configure vmir to reject WebAssembly inputs or disable wasm functionality

Input Validation

Platforms: all

Implement strict validation of WebAssembly modules before processing.

Add pre-processing checks for WebAssembly module size and structure
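
One way to implement the size and structure check described above, as an added example that is not vmir code and not taken from the GitHub issue: it rejects a module whose header, section ids or declared section sizes do not match the bytes actually received. The function name wasm_precheck, the 4 MiB cap and the sample byte arrays are assumptions made for this sketch.

```c
/* Added example, not vmir code; wasm_precheck and the 4 MiB cap are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WASM_MAX_MODULE (4u * 1024u * 1024u) /* assumed policy cap */
#define WASM_MAX_SECTION_ID 12u              /* 0 = custom ... 12 = data count */

enum wasm_check { WASM_OK, WASM_TOO_BIG, WASM_BAD_HEADER,
                  WASM_BAD_SECTION_ID, WASM_BAD_LEB, WASM_TRUNCATED };

/* Decode an unsigned LEB128 u32 (at most 5 bytes); returns 0 on success. */
static int read_u32_leb(const uint8_t *p, size_t len, size_t *pos, uint32_t *out)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < 5; i++) {
        if (*pos >= len) return -1;          /* ran off the end of the buffer */
        uint8_t b = p[(*pos)++];
        if (i == 4 && (b & 0xF0)) return -1; /* would not fit in 32 bits */
        v |= (uint32_t)(b & 0x7F) << (7 * i);
        if (!(b & 0x80)) { *out = v; return 0; }
    }
    return -1;
}

/* Walk the section table: known ids only, declared sizes must fit the input. */
enum wasm_check wasm_precheck(const uint8_t *buf, size_t len)
{
    static const uint8_t header[8] = { 0, 'a', 's', 'm', 1, 0, 0, 0 };
    size_t pos = sizeof header;
    if (len > WASM_MAX_MODULE) return WASM_TOO_BIG;
    if (len < sizeof header || memcmp(buf, header, sizeof header) != 0)
        return WASM_BAD_HEADER;
    while (pos < len) {
        uint8_t id = buf[pos++];
        uint32_t size;
        if (id > WASM_MAX_SECTION_ID) return WASM_BAD_SECTION_ID;
        if (read_u32_leb(buf, len, &pos, &size) != 0) return WASM_BAD_LEB;
        if (size > len - pos) return WASM_TRUNCATED; /* avoids pos + size overflow */
        pos += size;
    }
    return WASM_OK;
}

/* Constructed samples: an empty type section; then a size of 127 with 1 byte present. */
const uint8_t sample_ok[]  = { 0, 'a', 's', 'm', 1, 0, 0, 0, 1, 1, 0 };
const uint8_t sample_bad[] = { 0, 'a', 's', 'm', 1, 0, 0, 0, 1, 0x7F, 0 };

int main(void) { return !(wasm_precheck(sample_ok, sizeof sample_ok) == WASM_OK &&
    wasm_precheck(sample_bad, sizeof sample_bad) == WASM_TRUNCATED); }
```

This page does not say which malformation triggers the overflow, so a module that passes this check is not shown to be safe for an unpatched vmir; the check only narrows what reaches the parser.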

🧯 If You Can't Patch

  • Isolate vmir instances in restricted network segments with no internet access.
  • Implement strict access controls to limit who can submit WebAssembly modules to vmir.

🔍 How to Verify

Check if Vulnerable:

Check vmir version and compare against patched version when available. Test with proof-of-concept from GitHub references.

Check Version:

vmir --version or check build/installation metadata

Verify Fix Applied:

Update to patched version and test with the same proof-of-concept to ensure no crash occurs.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults
  • Memory access violation errors
  • Unexpected vmir process termination

Network Indicators:

  • Unusual WebAssembly module submissions
  • Large or malformed WebAssembly payloads

SIEM Query:

process_name:vmir AND (event_type:crash OR error_message:"segmentation fault" OR error_message:"buffer overflow")
