WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified

...

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the --addr-pool option when a subnet mask is not specified. An attacker can gain unauthorized access by connecting from any IPv4 address, bypassing intended IP-based access restrictions...

AZL-66045 CVE-2025-54126 affecting package fluent-bit for versions less than 3.1.9-5

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

AZL-66048 CVE-2025-54126 affecting package fluent-bit for versions less than 3.0.6-3

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

CVE-2025-45866

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface...

TOTOLINK A3002R 安全漏洞

The TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates from the failure of the addrPoolStart parameter in the formDhcpv6s interface to correctly validate the length size of the input data, no...