GHSA-RRMW-GV85-W824 pywasm3 has Improper Restriction of Operations within the Bounds of a Memory Buffer

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...

CVE-2024-30266

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This...

Azle 安全漏洞

Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP open-sourced by Demergent. A security vulnerability exists in Azle versions 0.27.0, 0.28.0, and 0.29.0 that stems from a call to setTimer that may result in an infinite loop...

PYSEC-2024-306

wasm3 139076a contains a Use-After-Free in ForEachModule...

AZL-53187 CVE-2024-25431 affecting package fluent-bit for versions less than 2.2.3-5

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

Wasmtime 安全漏洞

Wasmtime is a standalone WebAssembly and WASI-only wasm optimization runtime open-sourced by the Bytecode Alliance. A security vulnerability exists in Wasmtime. An attacker exploiting this vulnerability could cause denial of access...

PT-2024-24758 · Samsung · Walrus

Name of the Vulnerable Software and Affected Versions: Walrus versions before 72c7230f32a0b791355bbdfc78669701024b0956 Description: The issue is related to an Improper Validation of Array Index in the Samsung Open Source Walrus Webassembly runtime engine, which can cause a segmentation fault...

SAMSUNG WALRUS Security Vulnerability

SAMSUNG WALRUS is a project of the South Korean company Samsung SAMSUNG. It aims to provide a lightweight WebAssembly runtime engine. A security vulnerability exists in SAMSUNG WALRUS that stems from improper array index validation leading to a segmentation error...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the wasmloadercheckbr function. An attacker can trigger a crash on the affected application. Remediation Upgrade wasm-micro-runtime to version 1.3.3 or higher. References - GitHub Commit - GitHub Issue...

pywasm3 contains a global buffer overflow which leads to segmentation fault

wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3compile.c...

wasm3 安全漏洞

wasm3 is the fastest WebAssembly interpreter, and the most versatile runtime. A security vulnerability exists in version v0.5.0 of wasm3, which originates from a segmentation error via the function main in wasm3/platforms/app/main.c. The vulnerability is caused by the use of the function main in...

CVE-2024-30266

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This...

CVE-2023-51661 Filesystem sandbox not enforced in wasmer-cli

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...

PT-2023-31873 · Wasmer · Wasmer

Name of the Vulnerable Software and Affected Versions: Wasmer versions prior to 4.2.4 Description: The issue affects Wasmer, a WebAssembly runtime, allowing Wasm programs to access the filesystem outside of the sandbox. This can lead to service providers running untrusted Wasm code on Wasmer...

WebAssembly Micro Runtime Security Vulnerability

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

Wasmtime Security Breach

Wasmtime is a bytecode consortium project that is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in Wasmtime. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

Wasmtime 缓冲区错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from the code generator's address pattern calculation incorrectly calculating valid addresses, which can be exploited by an...

Wasmtime 缓冲区错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in versions of Wasmtime prior to 2.0.2, which stems from out-of-bounds reads and writes in its zero-memory page configuration...

Wasmtime 安全漏洞

Wasmtime is a bytecode consortium project that is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in Wasmtime. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

WAVM Buffer Overflow Vulnerability (CNVD-2019-09774)

WAVM is the WebAssembly Virtual Machine. A heap buffer overflow vulnerability exists in FunctionValidationContext::else in WAVM 2018-07-26 and earlier versions, which can be exploited by an attacker to cause a denial of service application crash by sending a specially crafted file...