2105 matches found
CVE-2025-58749
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
Untrusted Pointer Dereference
Overview Affected versions of this package are vulnerable to Untrusted Pointer Dereference in the memory.fill process when the first operand memory address pointer is greater than or equal to 2147483648 bytes in LLVM-JIT mode. An attacker can cause the runtime to hang or crash by executing a...
CVE-2025-58749
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
CVE-2025-58749
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
AZL-67617 CVE-2025-58749 affecting package fluent-bit for versions less than 3.0.6-4
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
AZL-67608 CVE-2025-58749 affecting package fluent-bit for versions less than 3.1.9-6
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
CVE-2025-58749 WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
CVE-2025-58749
CVE-2025-58749 affects WebAssembly Micro Runtime (WAMR) prior to version 2.4.2. In LLVM-JIT mode, WebAssembly programs containing a memory.fill instruction with the first operand (memory address pointer) >= 2 GiB could cause the runtime to hang (release builds) or crash (debug builds) due to i...
CVE-2025-58749 WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
CVE-2025-58749 WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
PT-2025-38054
Name of the Vulnerable Software and Affected Versions: WebAssembly Micro Runtime WAMR versions prior to 2.4.2 Description: WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. When running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembl...
WebAssembly Micro Runtime 安全漏洞
WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...
Exploring and Exploiting the Resource Isolation Attack Surface of WebAssembly Containers
Recently, the WebAssembly or Wasm technology has been rapidly evolving, with many runtimes actively under development, providing cross-platform secure sandboxes for Wasm modules to run as portable containers. Compared with Docker, which isolates applications at the operating system level, Wasm...
Embedded Malicious Code
Overview @duckdb/duckdb-wasm is an in-process analytical SQL database for the browser. It is powered by WebAssembly, speaks Arrow fluently, reads Parquet, CSV and JSON files backed by Filesystem APIs or HTTP requests and has been tested with Chrome, Firefox, Safari and Node.js. Affected versions ...
Introducing wasi-grpc for Spin
...
OESA-2025-2099 thunderbird security update
Security Fixes: On 64-bit platforms, IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack, while Baseline-JIT read the entire 64 bits. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13,...
WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified
...
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
...
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
...
Linux Distros Unpatched Vulnerability : CVE-2025-3122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function...