{"id":"CVE-2020-18378","details":"A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.","modified":"2026-03-13T00:34:07.518527Z","published":"2023-08-22T19:15:55.143Z","references":[{"type":"REPORT","url":"https://github.com/WebAssembly/binaryen/issues/1900"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webassembly/binaryen","events":[{"introduced":"0"},{"last_affected":"484f62f985cb2180139d1cf991ac04ee41635417"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.38.26"}]}}],"versions":["1.36.10","1.36.11","1.36.12","1.36.13","1.36.14","1.36.2","1.36.3","1.36.4","1.36.5","1.36.6","1.36.7","1.36.8","1.36.9","1.37.0","1.37.1","1.37.10","1.37.11","1.37.12","1.37.13","1.37.14","1.37.15","1.37.16","1.37.17","1.37.18","1.37.19","1.37.2","1.37.20","1.37.21","1.37.22","1.37.23","1.37.24","1.37.25","1.37.26","1.37.27","1.37.28","1.37.29","1.37.3","1.37.30","1.37.31","1.37.32","1.37.33","1.37.34","1.37.35","1.37.36","1.37.37","1.37.39","1.37.4","1.37.40","1.37.5","1.37.6","1.37.7","1.37.8","1.37.9","1.38.0","1.38.1","1.38.10","1.38.11","1.38.12","1.38.13","1.38.14","1.38.15","1.38.16","1.38.17","1.38.18","1.38.19","1.38.2","1.38.20","1.38.21","1.38.22","1.38.23","1.38.24","1.38.25","1.38.26","1.38.3","1.38.4","1.38.5","1.38.6","1.38.7","1.38.8","1.38.9","binary_0xb","version_1","version_10","version_11","version_12","version_13","version_14","version_15","version_16","version_17","version_18","version_19","version_2","version_20","version_21","version_22","version_23","version_24","version_25","version_26","version_27","version_28","version_29","version_3","version_30","version_31","version_32","version_33","version_34","version_35","version_36","version_37","version_38","version_39","version_4","version_40","version_41","version_42","version_43","version_44","version_45","version_46","version_47","version_48","version_49","version_5","version_50","version_51","version_52","version_53","version_54","version_55","version_56","version_57","version_58","version_59","version_6","version_60","version_61","version_62","version_63","version_64","version_65","version_66","version_67","version_7","version_8","version_9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-18378.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}