2114 matches found
WebAssembly wabt 安全漏洞
WebAssembly wabt is a WebAssembly binary toolkit open-sourced by WebAssembly. A security vulnerability exists in WebAssembly wabt 1.0.37 and earlier versions, which originates from a reachable assertion in the function LogOpcode in the file src/binary-reader-objdump.cc...
PT-2025-26237 · Unknown +1 · Webassembly Wabt +1
Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, affecting the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible t...
PT-2025-26236 · Unknown +1 · Webassembly Wabt +1
Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, classified as problematic. The function OnDataCount of the file src/interp/binary-reader-interp.cc is affected, leading to resource consumption...
PT-2025-26235
Name of the Vulnerable Software and Affected Versions WebAssembly wabt versions 1.0.37 and earlier Description A vulnerability was found in the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to a reachable assertion. Local access is required to approach this...
Astra Linux – Vulnerability in Firefox
On 64-bit CPUs, when the JIT compiler compiles WASM i32 return values, it may pick up bits from remaining memory. This could potentially lead to these values being treated as a different type. This vulnerability has been fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136...
Browser Fingerprinting Using WebAssembly
Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized experiences, it also raises privacy concerns by enabling...
CVE-2024-30266
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This...
CVE-2023-51661
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...
CVE-2022-31104
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x8664 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bu...
CVE-2022-21685
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
CVE-2022-39392
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...
CVE-2020-6103
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered...
CVE-2025-43853
The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...
CVE-2025-43853
The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...
CVE-2025-43853
CVE-2025-43853 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary, including builds with WASI support. A symlink-following vulnerability affects WAMR up to and including version 2.2.0 (and WAMR builds on Windows using libc-uvwasi), where creating a symlink outside the preopened sandbox an...
CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature
The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...
WebAssembly Micro Runtime 安全漏洞
WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...
WebAssembly Jobs and CronJobs in Kubernetes with SpinKube & the Spin Command Trigger
Learn how to run WebAssembly workloads as Kubernetes Jobs and CronJobs using SpinKube and the Spin command trigger...