I got many crash samples while fuzzing the mini-loader of the WAMR project. I would like to know what are the advantages of mini-loader over normal loader? I noticed a discussion in issue https://github.com/bytecodealliance/wasm-micro-runtime/issues/569, and I think a memory corruption vulnerability in the mini-loader could lead to arbitrary code execution if the mini-loader is used on some devices. I'm wondering if the vulnerabilities in mini-loader would be considered security issues and assigned CVEs?
hi @P1umer, you might have a better chance at getting this in front of the right people if you posted in the #wamr stream, or filed an issue on the wamr repo. I don't think a ton of wamr folks hang out in #general.
Last updated: Dec 23 2024 at 12:05 UTC