This vulnerability affects the WebAssembly Binaryen project, specifically versions up to 117. The issue is a reachable assertion triggered by manipulation of the IRBuilder::makeBrOn function in the wasm-ir-builder.cpp source file, part of the BrOn Parser component. The vulnerability requires local access and low complexity to exploit, with no privileges beyond local user rights needed. The CVSS vector indicates no user interaction or elevated privileges are required, and the impact is limited to availability with low scope and no confidentiality or integrity impact. A patch commit (1251efbc1ea471c1311d2726b2bbe061ff2a291c) is suggested but no official vendor advisory or remediation level is provided. The vulnerability is published and exploits are publicly available but not confirmed in active attacks.

The vulnerability can cause a reachable assertion failure, potentially leading to denial of service or application instability when exploited locally. There is no indication of confidentiality or integrity compromise. The CVSS score of 4.8 reflects a medium severity impact primarily affecting availability. Exploitation requires local access with low complexity and no user interaction. No confirmed active exploitation in the wild has been reported.

A patch identified by commit 1251efbc1ea471c1311d2726b2bbe061ff2a291c is suggested to remediate this vulnerability. Since no official vendor advisory or remediation level is provided, users should apply this patch or upgrade to a version including this fix as soon as possible. Patch status is not yet confirmed by an official advisory; therefore, users should monitor the WebAssembly Binaryen project for official updates and apply the patch promptly to mitigate the risk.