11 matches found
CVE-2023-52284
WAMR (wasm-micro-runtime) versions prior to 1.3.0 are affected by CVE-2023-52284 due to mishandling of push_pop_frame_ref_offset, which can lead to a double free or memory corruption when processing a valid WebAssembly module. The issue is rooted in the runtime’s frame reference offset handling. ...
CVE-2024-34251
CVE-2024-34251 affects Bytecode Alliance wasm-micro-runtime: version 2.0.0 contains an out-of-bounds memory read in block_type_get_arity within core/iwasm/interpreter/wasm.h, allowing a remote attacker to cause a denial of service. Public advisories (including Red Hat/RH CVE entry and O...
CVE-2024-25431
CVE-2024-25431 affects the WebAssembly Micro Runtime (WAMR) from Bytecode Alliance. Builds prior to v.b3f728c are vulnerable to privilege escalation via a crafted file that targets the check_was_abi_compatibility function. The issue is mitigated by the fix introduced in commit 06df58f. Multiple conne...
CVE-2024-34250
CVE-2024-34250: A heap buffer overflow was found in Bytecode Alliance’s wasm-micro-runtime v2.0.0, allowing a remote attacker to cause a denial of service via the function wasm_loader_check_br in core/iwasm/interpreter/wasm_loader.c. The vulnerability is described across multiple feeds (includin...
CVE-2024-27532
CVE-2024-27532 affects wasm-micro-runtime (WAMR) version 06df58f. The vulnerability is a NULL pointer dereference in the function block_type_get_result_types, as described in the CVE entry. The CVSS rating lists a network attack vector, low attack complexity, and no privileges or user interaction required, with co...
CVE-2025-43853
CVE-2025-43853 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary, including builds with WASI support. A symlink-following vulnerability affects WAMR up to and including version 2.2.0 (and WAMR builds on Windows using libc-uvwasi), where creating a symlink outside the preopened sandbox an...
CVE-2023-48105
CVE-2023-48105 affects Bytecode Alliance’s wasm-micro-runtime, version 1.2.3. The vulnerability resides in the function wasm_loader_prepare_bytecode (core/iwasm/interpreter/wasm_loader.c) and is a heap overflow that allows a remote attacker to cause a denial of service. Public documents confirm t...
CVE-2025-64704
CVE-2025-64704 affects the WebAssembly Micro Runtime (WAMR) prior to version 2.4.4. The root cause is a segmentation fault in the v128.store instruction, leading to potential crashes or disruption of execution when processing Wasm code. The issue has been patched in WAMR 2.4.4, so upgrading t...
CVE-2025-54126
CVE-2025-54126 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary. In versions 2.4.0 and earlier, using --addr-pool with an IPv4 address that lacks a subnet mask causes all IPs to be accepted, potentially bypassing access restrictions. This exposes services to all external connections a...
CVE-2025-58749
CVE-2025-58749 affects WebAssembly Micro Runtime (WAMR) prior to version 2.4.2. In LLVM-JIT mode, WebAssembly programs containing a memory.fill instruction with the first operand (memory address pointer) >= 2 GiB could cause the runtime to hang (release builds) or crash (debug builds) due to i...
CVE-2025-64713
CVE-2025-64713 affects WebAssembly Micro Runtime (WAMR). In fast interpreter mode prior to version 2.4.4, an out-of-bounds access can occur during WASM bytecode loading when the frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode expands frame_ref_bottom but not ...