CVE-2024-35424

5.5 MEDIUM

📋 TL;DR

CVE-2024-35424 is a segmentation violation vulnerability in vmir's WebAssembly parser that can cause denial of service or potentially allow arbitrary code execution. This affects systems running vmir e8117 that process untrusted WebAssembly modules. The vulnerability occurs in the import_function function during WebAssembly module parsing.

💻 Affected Systems

Products:
  • vmir
Versions: e8117 and potentially earlier versions
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems that use vmir to parse WebAssembly modules. The vulnerability is triggered during WebAssembly module import processing.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if the segmentation violation can be weaponized to execute arbitrary code.

🟠 Likely Case

Denial of service causing the vmir process to crash when processing malicious WebAssembly modules.

🟢 If Mitigated

Limited impact with proper input validation and sandboxing of WebAssembly execution environments.

🌐 Internet-Facing: MEDIUM - If vmir is exposed to process untrusted WebAssembly modules from external sources, it could be exploited for DoS.
🏢 Internal Only: LOW - Internal systems processing trusted WebAssembly modules have minimal exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub issue. Exploitation requires ability to supply malicious WebAssembly modules to vmir.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest fixes

Vendor Advisory: https://github.com/andoma/vmir/issues/21

Restart Required: Yes

Instructions:

1. Check vmir GitHub repository for security updates.
2. Update to latest version.
3. Recompile if using source.
4. Restart any services using vmir.

🔧 Temporary Workarounds

Input Validation

Platform: all

Implement strict validation of WebAssembly modules before passing them to the vmir parser.
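
One way to implement this input-validation workaround, as an added example that is not vmir's code and not taken from the advisory: a Python gate that bounds-checks the section framing and the import section of a module (WebAssembly 1.0 binary encoding) and rejects function imports whose type index is not declared, before the file reaches vmir. The page does not state the root cause in import_function, so these checks are an assumption about what a malformed import looks like; `check_imports` and its helpers are names chosen here.

```python
def _need(ok, msg):
    if not ok:
        raise ValueError(msg)

def _u32(buf, pos, end):              # bounds-checked LEB128 u32 -> (value, next_pos)
    value = 0
    for shift in range(0, 35, 7):     # a u32 takes at most 5 bytes
        _need(pos < end, "truncated LEB128")
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("LEB128 longer than 5 bytes")

def _skip_name(buf, pos, end):        # skip a length-prefixed name
    n, pos = _u32(buf, pos, end)
    _need(n <= end - pos, "name overruns section")
    return pos + n

def check_imports(buf):
    """Return the number of function imports; raise ValueError if malformed."""
    _need(buf[:8] == b"\0asm\x01\0\0\0", "bad magic or version")
    pos, n_types, n_funcs = 8, 0, 0
    while pos < len(buf):
        size, body = _u32(buf, pos + 1, len(buf))
        sec_id, end = buf[pos], body + size
        _need(end <= len(buf), "section overruns file")
        if sec_id == 1:               # type section: declared function-type count
            n_types, _ = _u32(buf, body, end)
        elif sec_id == 2:             # import section
            count, p = _u32(buf, body, end)
            for _ in range(count):
                p = _skip_name(buf, _skip_name(buf, p, end), end)  # module, field
                _need(p < end and buf[p] <= 3, "bad import kind")
                kind, p = buf[p], p + 1
                if kind == 0:         # function: type index must be declared
                    idx, p = _u32(buf, p, end)
                    _need(idx < n_types, "function import type index out of range")
                    n_funcs += 1
                elif kind == 3:       # global: value type + mutability byte
                    p += 2
                else:                 # table (reftype byte first) or memory: limits
                    p += kind == 1
                    _need(p < end and buf[p] <= 1, "bad limits flag")
                    flag, p = buf[p], p + 1
                    for _ in range(1 + flag):   # min, then max when flag == 1
                        p = _u32(buf, p, end)[1]
            _need(p == end, "import section length mismatch")
        pos = end
    return n_funcs
```

A `ValueError` means the module should not be handed to vmir; a module that passes has only been checked for the structural properties above, so the gate complements sandboxing and patching.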

Sandbox Execution

Platform: linux

Run vmir in isolated containers or sandboxes to limit impact of crashes

docker run --security-opt=no-new-privileges -it vmir-container

🧯 If You Can't Patch

  • Restrict vmir to process only trusted, pre-validated WebAssembly modules
  • Implement network segmentation to isolate vmir instances from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if running vmir e8117 or earlier versions. Test with known malicious WebAssembly modules from proof of concept.

Check Version:

vmir --version or check build/compilation metadata

Verify Fix Applied:

Test with the same malicious WebAssembly modules that previously caused crashes. Verify vmir processes them without segmentation faults.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in system logs
  • vmir process crashes
  • Core dumps from vmir process

Network Indicators:

  • Unusual WebAssembly module uploads to vmir endpoints
  • Repeated connection attempts to vmir services

SIEM Query:

process_name:vmir AND (event_type:crash OR error_message:"segmentation fault")
