Building a GraphQL API with Fermyon Wasm Functions

Use this step-by-step guide to create a serverless GraphQL client that fetches GitHub repository stargazer data using Rust, WebAssembly, and Fermyon Wasm Functions...

firefox: thunderbird: Large branch table could lead to truncated instruction

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: On arm64, a WASM brtable instruction with a large number of entries could lead to the label being too far from the instruction, causing truncation and incorrect computation of th...

firefox: thunderbird: Large branch table could lead to truncated instruction

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: On arm64, a WASM brtable instruction with a large number of entries could lead to the label being too far from the instruction, causing truncation and incorrect computation of th...

DEBIAN-CVE-2025-8028

On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...

UBUNTU-CVE-2025-8028

On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird...

PT-2025-30477

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 141 Firefox ESR versions prior to 115.26 Firefox ESR versions prior to 128.13 Firefox ESR versions prior to 140.1 Thunderbird versions prior to 141 Thunderbird versions prior to 128.13 Thunderbird versions prior to...

FreeBSD : libwasmtime -- host panic with fd_renumber WASIp1 function (605a9d1e-6521-11f0-beb2-ac5afc632ba3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 605a9d1e-6521-11f0-beb2-ac5afc632ba3 advisory. WasmTime development team reports: A bug in Wasmtime's implementation of the WASIp1 set of import...

GHSA-FM79-3F68-H2FC Wasmtime CLI is vulnerable to host panic through its fd_renumber function

Summary A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling fdrenumber with either: - two equal argument values - second argument being equal...

DEBIAN-CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

CVE-2025-53901

Wasmtime WASI (wasmtime-wasi) contains a bug in the WASIp1 import implementation. Prior to 24.0.4, 33.0.2, and 34.0.2, calling fd_renumber followed by path_open can cause a WebAssembly guest to panic the host (embedder). The panic results from a corrupt state in fd_renumber when a second open fil...

CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

libwasmtime -- host panic with fd_renumber WASIp1 function

WasmTime development team reports: A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder...

Bytecode Alliance Wasmtime 安全漏洞

Bytecode Alliance Wasmtime is a standalone WebAssembly and WASI-only wasm optimization software open-sourced by Bytecode Alliance. A security vulnerability exists in Bytecode Alliance Wasmtime versions prior to 24.0.4, 33.0.2, and 34.0.2, which stems from a WASIp1 implementation flaw that could...

PT-2025-30073 · Bytecode Alliance · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions 24.0.0 through 24.0.3 Wasmtime versions 33.0.0 through 33.0.1 Wasmtime versions 34.0.0 through 34.0.1 Description: Wasmtime is a runtime for WebAssembly. A bug in Wasmtime's implementation of the WASIp1 set of import functio...

Running Serverless Wasm Functions on the Edge with k3s and SpinKube

...

CVE-2025-6275

A use-after-free vulnerability has been discovered in WebAssembly's WebAssembly Binary Toolkit wabt, specifically within the GetFuncOffset function. This flaw can be triggered by an attacker with local system access through the manipulation of input provided to this function. Successful...

CVE-2025-6274

A denial-of-service vulnerability has been identified in WebAssembly's WebAssembly Binary Toolkit wabt, specifically within the OnDataCount function. This flaw allows an attacker with local access to trigger runaway resource consumption for example, excessive memory or CPU usage by manipulating...