{"id":"CVE-2023-31669","details":"WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (\").","modified":"2026-05-28T04:09:40.233565447Z","published":"2023-05-23T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31669.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31669.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OSFFCKXUQ5PAC5UVXY7N6HEHVQ3AC2RG/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31669"},{"type":"REPORT","url":"https://github.com/WebAssembly/wabt/issues/2165"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webassembly/wabt","events":[{"introduced":"0"},{"last_affected":"e5b042a72e6b6395e1d77901e7a413d6af87ae67"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.0.32"}],"cpe":"cpe:2.3:a:webassembly:webassembly_binary_toolkit:1.0.32:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["1.0.32","1.0.31","1.0.30","1.0.29","1.0.28","1.0.27","1.0.26","1.0.25","1.0.24","1.0.23","1.0.22","1.0.21","1.0.20","1.0.19","1.0.18","1.0.17","gh-actions-test2","gh-actions-test","1.0.16","1.0.15","1.0.14","1.0.13","1.0.12","1.0.11","1.0.10","1.0.9","1.0.8","1.0.7","1.0.6","1.0.5","1.0.4","1.0.3","1.0.2","1.0.1","1.0.0","binary_0xd","binary_0xc","binary_0xb","binary_0xa"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31669.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}