WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode

...

AZL-67617 CVE-2025-58749 affecting package fluent-bit for versions less than 3.0.6-4

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

CVE-2025-54126 WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

PT-2025-21340 · Wamr +1 · Wamr +1

Name of the Vulnerable Software and Affected Versions: WAMR versions up to and including 2.2.0 WAMR built with libc-uvwasi on Windows Description: The issue is related to a symlink following vulnerability in the WebAssembly Micro Runtime WAMR. On WAMR running in Windows, creating a symlink pointi...

CVE-2024-27532

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

CVE-2024-27532

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

CBL Mariner 2.0 Security Update: fluent-bit (CVE-2023-52284)

The version of fluent-bit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52284 advisory. - Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have an doub...

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because pushpopframerefoffset is mishandled...

CVE-2023-52284

WAMR (wasm-micro-runtime) versions prior to 1.3.0 are affected by CVE-2023-52284 due to mishandling of push_pop_frame_ref_offset, which can lead to a double free or memory corruption when processing a valid WebAssembly module. The issue is rooted in the runtime’s frame reference offset handling. ...

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because pushpopframerefoffset is mishandled...