{"id":"CVE-2023-52284","details":"Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an \"double free or corruption\" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.","modified":"2026-03-14T12:16:53.433846Z","published":"2023-12-31T06:15:08.487Z","references":[{"type":"FIX","url":"https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0"},{"type":"FIX","url":"https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586"},{"type":"FIX","url":"https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bytecodealliance/wasm-micro-runtime","events":[{"introduced":"0"},{"fixed":"78be22159489c691f9162d4f09d9e5307fbb0851"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.3.0"}]}}],"versions":["01-12-2020","WAMR-01-18-2022","WAMR-01-29-2021","WAMR-02-18-2020","WAMR-02-27-2020","WAMR-03-05-2020","WAMR-03-19-2020","WAMR-03-25-2021","WAMR-03-30-2020","WAMR-04-15-2020","WAMR-04-15-2021","WAMR-05-18-2022","WAMR-06-15-2020","WAMR-07-10-2020","WAMR-08-10-2021","WAMR-09-08-2020","WAMR-09-29-2020","WAMR-1.0.0","WAMR-1.1.0","WAMR-1.1.1","WAMR-1.1.2","WAMR-1.2.0","WAMR-1.2.1","WAMR-1.2.2","WAMR-1.2.3","WAMR-12-30-2021","tag-11-28-2019"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52284.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}