19 matches found
CVE-2024-34249
The connected documents confirm a concrete issue in wasm3 v0.5.0: a heap buffer overflow in the DeallocateSlot function (wasm3/source/m3_compile.c) that leads to a segmentation fault. Exploitation may require local network access (PT-2024-25767). Remediation guidance cites updating to a patched v...
CVE-2024-27529
CVE-2024-27529 concerns wasm3, a WebAssembly interpreter. The issue is a memory leak in the Read_utf8 function at commit 139076a, affecting wasm3 139076a. The vulnerability is described as memory leaks (and related DoS implications in various advisories) with a high impact on confidentiality, int...
CVE-2025-15572
wasm3 up to 0.5.0 contains a local vulnerability in the NewCodePage function that leads to a memory leak. The issue is exploitable locally, with an exploit publicly disclosed. There is currently no active maintainer for the project. The provided metrics indicate partial availability impact and lo...
CVE-2022-28990
WASM3 v0.5.0 contains a heap overflow in the /wabt/bin/poc.wasm component. CVSS details (3.1) indicate local attack vector with low complexity and high impact (C/H/I/A). No remediation details are provided in the supplied documents; exploitation status is not stated.
CVE-2021-38592
CVE-2021-38592 affects Wasm3 0.5.0 and is a heap-based buffer overflow in op_Const64 (triggered via EvaluateExpression and m3_LoadModule). According to sources, exploitability is network with no authentication, and impact includes availability loss (A: High). Remediation details are not provided ...
CVE-2024-27530
CVE-2024-27530 affects wasm3, version 139076a, with a Use-After-Free in ForEachModule. The issue is memory-safety related and can have high impact per CVSS. Public details consistently identify ForEachModule as the vulnerable component and a memory-use-after-free condition. A practical workaround...
CVE-2022-39974
CVE-2022-39974 affects WASM3 v0.5.0. The root cause is a segmentation fault in the op_Select_i32_srs path of wasm3/source/m3_exec.h, potentially causing availability impact. Exploitation is indicated as possible via a proof-of-concept (per references noting a poc), with the CVSSv3.1 profile showi...
CVE-2022-28966
Wasm3 0.5.0 contains a heap-based buffer overflow in NewCodePage (m3_code.c), triggered indirectly via Compile_BranchTable in m3_compile.c. This is the concrete vulnerability described across multiple sources (CVE-2022-28966). The connected documents identify the affected component and root cause...
CVE-2022-44874
CVE-2022-44874 concerns wasm3, with a segmentation fault detected in the op_CallIndirect path of the interpreter. Affected version includes commit 7890a2097569fde845881e0b352d813573e371f9; the issue arises in the /m3_exec.h component. The connected documents do not provide an official patched ver...
CVE-2024-27527
CVE-2024-27527 affects wasm3 version 139076a and describes a vulnerability that can lead to a Denial of Service (DoS). The connected sources consistently state that wasm3 139076a is vulnerable to DoS, with the issue rooted in a flaw that could be exploited to render the wasm3 runtime unavailable....
CVE-2024-34252
CVE-2024-34252 affects wasm3 v0.5.0, where a global buffer overflow in the function PreserveRegisterIfOccupied (wasm3/source/m3_compile.c) can cause a segmentation fault. The vulnerability is described across multiple sources (NVD, Red Hat, OSV, CNNVD, CVE CVE list) with CVSS v3.1 base score 7.5 ...
CVE-2022-34529
CVE-2022-34529 affects WASM3 v0.5.0, with a segmentation fault occurring in the Compile_Memory_CopyFill component. Multiple connected records (Red Hat, GHSA, OSV, NVD, etc.) corroborate a segmentation fault in this module, indicating a likely crash condition when executing memory copy/fill operat...
CVE-2024-34246
Wasm3 v0.5.0 contains an out-of-bounds memory read that leads to a segmentation fault via wasm3/platforms/app/main.c::main. The Red Hat, NVD, OSV, CNNVD, CVE listings, and linked sources consistently describe this issue as a memory read vulnerability causing a crash. The available documents do no...
CVE-2024-27528
CVE-2024-27528 affects wasm3 version 139076a with an Invalid Memory Read vulnerability that can cause Denial of Service and potentially Code Execution. Multiple sources (NVD, Red Hat, CNNVD, CVE listings, PT-security) corroborate the issue and describe the same root cause and impact. Exploitation...
CVE-2021-45947
Wasm3 0.5.0 is affected by an out-of-bounds write in Runtime_Release, triggered from EvaluateExpression and InitDataSegments. This is the concrete issue described across CVE-2021-45947 entries (e.g., Red Hat, NVD, OSV). The vulnerability appears in the runtime code path of Wasm3, potentially impa...
CVE-2021-45946
Wasm3 0.5.0 contains an out-of-bounds write in the CompileBlock path, triggered by Compile_LoopOrBlock and CompileBlockStatements. This is the documented root cause of CVE-2021-45946, as reflected across multiple sources (NVD, Red Hat, OSV, CVE lists). The connected records confirm the vulnerable...
CVE-2021-45929
CVE-2021-45929 affects Wasm3 0.5.0 with an out-of-bounds write in the CompileBlock function (invoked by CompileElseBlock and Compile_If). The connected sources confirm the exact vulnerable component and code path, but there is no public detail on exploit status, impact scope, or available fixes i...
CVE-2025-6272
Wasm3 v0.5.0 contains a vulnerability in the MarkSlotAllocated function in source/m3_compile.c that enables an out-of-bounds write. The issue is exploitable locally and has been disclosed publicly. Connected sources corroborate the basic details; one PT Security advisory suggests a temporary work...
CVE-2025-15413
Summary: CVE-2025-15413 affects wasm3 up to 0.5.0, specifically the functions in the file m3_exec.h: op_SetSlot_i32 and op_CallIndirect. The vulnerability allows memory corruption via local manipulation of execution flow. What’s affected: wasm3 0.5.0 and earlier; code paths involved are the slot-...