Webassembly Micro Runtime@* Security Vulnerabilities and Issues — Webassembly Micro Runtime@* CVE List

BytecodeallianceWebassembly Micro Runtime*

7 matches found

CVE•added 2024/11/08 12:0 a.m.•59 views

CVE-2024-25431

CVE-2024-25431 affects the WebAssembly Micro Runtime (WAMR) from Bytecode Alliance. Pre- v.b3f728c builds are vulnerable to privilege escalation via a crafted file that targets the check_was_abi_compatibility function. The issue is mitigated by the fix introduced in commit 06df58f. Multiple conne...

8.8CVSS7.1AI score0.01112EPSS

CVE•added 2023/12/31 12:0 a.m.•56 views

CVE-2023-52284

WAMR (wasm-micro-runtime) versions prior to 1.3.0 are affected by CVE-2023-52284 due to mishandling of push_pop_frame_ref_offset, which can lead to a double free or memory corruption when processing a valid WebAssembly module. The issue is rooted in the runtime’s frame reference offset handling. ...

5.5CVSS5.5AI score0.00046EPSS

CVE•added 2024/11/08 12:0 a.m.•54 views

CVE-2024-27532

CVE-2024-27532 affects wasm-micro-runtime (WAMR) version 06df58f. The vulnerability is a NULL pointer dereference in the function block_type_get_result_types, as described in the CVE entry. CVSS says network attack vector, low attack complexity, no privileges or user interaction required, with co...

7.5CVSS6.6AI score0.00154EPSS

CVE•added 2025/05/15 5:13 p.m.•34 views

CVE-2025-43853

CVE-2025-43853 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary, including builds with WASI support. A symlink-following vulnerability affects WAMR up to and including version 2.2.0 (and WAMR builds on Windows using libc-uvwasi), where creating a symlink outside the preopened sandbox an...

7CVSS6.5AI score0.00117EPSS

CVE•added 2025/11/25 10:6 p.m.•34 views

CVE-2025-64704

The CVE-2025-64704 affects the WebAssembly Micro Runtime (WAMR) prior to version 2.4.4. The root cause is a segmentation fault in the v128.store instruction, leading to potential crashes or disruption of execution when processing Wasm code. The issue has been patched in WAMR 2.4.4, so upgrading t...

5.5CVSS6.4AI score0.0002EPSS

CVE•added 2025/09/16 3:53 p.m.•18 views

CVE-2025-58749

CVE-2025-58749 affects WebAssembly Micro Runtime (WAMR) prior to version 2.4.2. In LLVM-JIT mode, WebAssembly programs containing a memory.fill instruction with the first operand (memory address pointer) >= 2 GiB could cause the runtime to hang (release builds) or crash (debug builds) due to i...

5.3CVSS6.4AI score0.00091EPSS

CVE•added 2025/11/25 10:13 p.m.•9 views

CVE-2025-64713

CVE-2025-64713 affects WebAssembly Micro Runtime (WAMR). In fast interpreter mode prior to version 2.4.4, an out-of-bounds access can occur during WASM bytecode loading when frame_ref_bottom and frame_offset_bottom arrays are at capacity, a GET_GLOBAL(I32) opcode expands frame_ref_bottom but not ...

7.4CVSS6.5AI score0.0002EPSS