Lucene search
K

92 matches found

CVE
CVE
added 2025/09/16 3:53 p.m.22 views

CVE-2025-58749

CVE-2025-58749 affects WebAssembly Micro Runtime (WAMR) prior to version 2.4.2. In LLVM-JIT mode, WebAssembly programs containing a memory.fill instruction with the first operand (memory address pointer) >= 2 GiB could cause the runtime to hang (release builds) or crash (debug builds) due to i...

5.3CVSS6.4AI score0.00344EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.6 views

WebAssembly Micro Runtime 安全漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

5.3CVSS6.4AI score0.00344EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2025/09/04 10:22 a.m.19 views

WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified

...

6.9CVSS7AI score0.0061EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/07/31 10:4 p.m.9 views

CVE-2025-54126

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

6.9CVSS7.1AI score0.0061EPSS
Exploits1References1
Snyk
Snyk
added 2025/07/29 10:43 p.m.2 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the --addr-pool option when a subnet mask is not specified. An attacker can gain unauthorized access by connecting from any IPv4 address, bypassing intended IP-based access restrictions...

6.9CVSS6.9AI score0.0061EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/07/29 10:15 p.m.4 views

CVE-2025-54126

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

6.9CVSS7.2AI score0.0061EPSS
Exploits1References3
NVD
NVD
added 2025/07/29 10:15 p.m.61 views

CVE-2025-54126

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

6.9CVSS0.0061EPSS
Exploits1References3
CVE
CVE
added 2025/07/29 9:52 p.m.25 views

CVE-2025-54126

The CVE-2025-54126 entry concerns WebAssembly Micro Runtime (WAMR) iwasm binary; versions 2.4.0 and earlier use --addr-pool with an IPv4 address lacking a subnet mask, allowing acceptance of all IPs and potentially bypassing access restrictions. This exposes services to all external connections a...

6.9CVSS7.1AI score0.0061EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/29 9:52 p.m.3 views

CVE-2025-54126 WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

6.9CVSS6.3AI score0.0061EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/07/29 9:52 p.m.62 views

CVE-2025-54126 WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

6.9CVSS0.0061EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.7 views

PT-2025-31268 · Iwasm +1 · Iwasm +1

Name of the Vulnerable Software and Affected Versions: WebAssembly Micro Runtime WAMR iwasm versions 2.4.0 and below Description: The iwasm package uses the --addr-pool option with an IPv4 address lacking a subnet mask. This configuration allows the system to accept all IP addresses, potentially...

6.9CVSS6.3AI score0.0061EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.5 views

WebAssembly Micro Runtime 安全漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

6.9CVSS6.4AI score0.0061EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.11 views

CVE-2024-34251

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "blocktypegetarity" function in core/iwasm/interpreter/wasm.h...

7.5CVSS6.8AI score0.00758EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.6 views

CVE-2024-27532

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

7.5CVSS6.8AI score0.00493EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.8 views

CVE-2024-25431

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

8.8CVSS7AI score0.00634EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 5:59 p.m.244 views

CVE-2025-43853

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

7CVSS6.9AI score0.0024EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 6:15 p.m.14 views

CVE-2025-43853

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

7CVSS0.0024EPSS
Exploits1References2
CVE
CVE
added 2025/05/15 5:13 p.m.52 views

CVE-2025-43853

CVE-2025-43853 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary, including builds with WASI support. A symlink-following vulnerability affects WAMR up to and including version 2.2.0 (and WAMR builds on Windows using libc-uvwasi), where creating a symlink outside the preopened sandbox an...

7CVSS6.5AI score0.0024EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/05/15 5:13 p.m.6 views

CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

7CVSS6.7AI score0.0024EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

WebAssembly Micro Runtime 安全漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

7CVSS6.4AI score0.0024EPSS
Exploits1References2
Rows per page
Query Builder