CVE-2025-6274

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclose...

GHSA-RRMW-GV85-W824 pywasm3 has Improper Restriction of Operations within the Bounds of a Memory Buffer

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...

CVE-2025-6273 WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been...

CVE-2025-6273 WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been...

CVE-2025-6273

The CVE-2025-6273 entry concerns WebAssembly wabt up to 1.0.37. It affects the LogOpcode function in src/binary-reader-objdump.cc, where input manipulation can trigger a reachable assertion. Local access is required, and the exploit has been disclosed publicly; the code maintainer notes the issue...

CVE-2025-6273

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been...

PYSEC-2025-186

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...

PT-2025-26237 · Unknown +1 · Webassembly Wabt +1

Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, affecting the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible t...

WebAssembly wabt 资源管理错误漏洞

WebAssembly wabt is a WebAssembly binary toolkit open-sourced by WebAssembly. A resource management error vulnerability exists in WebAssembly wabt 1.0.37 and earlier versions, which stems from a resource consumption in the function OnDataCount in the file src/interp/binary-reader-interp.cc...

WebAssembly wabt 资源管理错误漏洞

WebAssembly wabt is a WebAssembly binary toolkit open-sourced by WebAssembly. A resource management error vulnerability exists in WebAssembly wabt 1.0.37 and earlier versions, which stems from post-release reuse of the function GetFuncOffset in the file src/interp/binary-reader-interp.cc...

WebAssembly wabt 安全漏洞

WebAssembly wabt is a WebAssembly binary toolkit open-sourced by WebAssembly. A security vulnerability exists in WebAssembly wabt 1.0.37 and earlier versions, which originates from a reachable assertion in the function LogOpcode in the file src/binary-reader-objdump.cc...

PT-2025-26236 · Unknown +1 · Webassembly Wabt +1

Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, classified as problematic. The function OnDataCount of the file src/interp/binary-reader-interp.cc is affected, leading to resource consumption...

PT-2025-26235

Name of the Vulnerable Software and Affected Versions WebAssembly wabt versions 1.0.37 and earlier Description A vulnerability was found in the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to a reachable assertion. Local access is required to approach this...

Astra Linux – Vulnerability in Firefox

On 64-bit CPUs, when the JIT compiler compiles WASM i32 return values, it may pick up bits from remaining memory. This could potentially lead to these values being treated as a different type. This vulnerability has been fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136...

Browser Fingerprinting Using WebAssembly

Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized experiences, it also raises privacy concerns by enabling...

CVE-2024-30266

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This...

CVE-2023-51661

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...

CVE-2023-41880

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

CVE-2023-26489

wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...

CVE-2022-31104

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x8664 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bu...