5 matches found
CVE-2024-34251
The CVE-2024-34251 issue affects Bytecode Alliance wasm-micro-runtime: version 2.0.0 contains an out-of-bounds memory read in block_type_get_arity within core/iwasm/interpreter/wasm.h, exposing a remote attacker to cause a denial of service. Public advisories (including Red Hat/RH CVE entry and O...
CVE-2025-43853
CVE-2025-43853 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary, including builds with WASI support. A symlink-following vulnerability affects WAMR up to and including version 2.2.0 (and WAMR builds on Windows using libc-uvwasi), where creating a symlink outside the preopened sandbox an...
CVE-2024-27532
CVE-2024-27532 affects wasm-micro-runtime (WAMR) version 06df58f. The vulnerability is a NULL pointer dereference in the function block_type_get_result_types, as described in the CVE entry. CVSS says network attack vector, low attack complexity, no privileges or user interaction required, with co...
CVE-2023-48105
CVE-2023-48105 affects Bytecode Alliance’s wasm-micro-runtime, version 1.2.3. The vulnerability resides in the function wasm_loader_prepare_bytecode (core/iwasm/interpreter/wasm_loader.c) and is a heap overflow that allows a remote attacker to cause a denial of service. Public documents confirm t...
CVE-2025-64713
CVE-2025-64713 affects WebAssembly Micro Runtime (WAMR). In fast interpreter mode prior to version 2.4.4, an out-of-bounds access can occur during WASM bytecode loading when frame_ref_bottom and frame_offset_bottom arrays are at capacity, a GET_GLOBAL(I32) opcode expands frame_ref_bottom but not ...