CVE-2024-34250

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasmloadercheckbr" function in core/iwasm/interpreter/wasmloader.c...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the preservelocalforblock function, when handling a sequence where a GETGLOBALI32 opcode is followed by an if opcode in fast interpreter mode. An attacker can cause out-of-bounds access to the frameoffsetbottom arr...

EUVD-2023-52186

Malicious code in bioql PyPI...

Untrusted Pointer Dereference

Overview Affected versions of this package are vulnerable to Untrusted Pointer Dereference in the memory.fill process when the first operand memory address pointer is greater than or equal to 2147483648 bytes in LLVM-JIT mode. An attacker can cause the runtime to hang or crash by executing a...

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the --addr-pool option when a subnet mask is not specified. An attacker can gain unauthorized access by connecting from any IPv4 address, bypassing intended IP-based access restrictions...

CVE-2024-34251

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "blocktypegetarity" function in core/iwasm/interpreter/wasm.h...

CVE-2024-27532

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

CVE-2024-25431

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.

...

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.

...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the blocktypegetresulttypes function. Remediation Upgrade wasm-micro-runtime to version 2.2.0 or higher. References - GitHub Commit - GitHub Gist - GitHub Issue Credit: Ziyi Guo...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the checkwasabicompatibility function. Remediation There is no fixed version for wasm-micro-runtime. References - GitHub Commit - GitHub Gist - GitHub Issue - GitHub PR Credit: Ziyi Guo...

CVE-2024-25431

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

CVE-2024-25431

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

CVE-2024-25431

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

PT-2024-20939 · Bytecode Alliance · Wasm-Micro-Runtime

Name of the Vulnerable Software and Affected Versions: bytecodealliance wasm-micro-runtime versions before v.b3f728c Description: The issue allows a remote attacker to escalate privileges via a crafted file to the check was abi compatibility function. Recommendations: For versions before v.b3f728...

CVE-2024-25431

CVE-2024-25431 affects the WebAssembly Micro Runtime (WAMR) from Bytecode Alliance. Pre- v.b3f728c builds are vulnerable to privilege escalation via a crafted file that targets the check_was_abi_compatibility function. The issue is mitigated by the fix introduced in commit 06df58f. Multiple conne...

CVE-2024-27532

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

CBL Mariner 2.0 Security Update: fluent-bit (CVE-2024-34250)

The version of fluent-bit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34250 advisory. - A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which...

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c.

...