Webassembly Micro Runtime Security Vulnerabilities and Issues — Webassembly Micro Runtime CVE List

Lucene search

BytecodeallianceWebassembly Micro Runtime

8 matches found

CVE•added 2024/05/06 4:15 p.m.•52 views

CVE-2024-34251

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h.

7.5CVSS6.7AI score0.00332EPSS

CVE•added 2024/11/08 5:15 p.m.•51 views

CVE-2024-25431

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.

8.8CVSS7.1AI score0.00418EPSS

CVE•added 2024/05/06 4:15 p.m.•47 views

CVE-2024-34250

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c.

6.2CVSS7.2AI score0.00109EPSS

CVE•added 2023/12/31 6:15 a.m.•39 views

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.

5.5CVSS5.5AI score0.00046EPSS

CVE•added 2023/11/22 11:15 p.m.•25 views

CVE-2023-48105

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

7.5CVSS7.5AI score0.00369EPSS

CVE•added 2025/05/15 6:15 p.m.•24 views

CVE-2025-43853

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlin...

7CVSS6.5AI score0.00023EPSS

CVE•added 2025/07/29 10:15 p.m.•6 views

CVE-2025-54126

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system ...

6.9CVSS7.1AI score0.0005EPSS

CVE•added 2025/09/16 4:15 p.m.•6 views

CVE-2025-58749

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand (memory address ...

5.3CVSS6.4AI score0.00037EPSS