11 matches found
CVE-2025-2368
The CVE-2025-2368 entry concerns WebAssembly wabt 1.0.36. The vulnerability occurs in wabt/src/interp/binary-reader-interp.cc, in the BinaryReaderInterp::OnExport function, within the Malformed File Handler component, causing a heap-based buffer overflow. The issue is described as remotely exploi...
CVE-2023-27119
CVE-2023-27119 : WebAssembly v1.0.29 contains a segmentation fault via the component wabt::Decompiler::WrapChild. Affects the WebAssembly toolchain; vulnerable code path can be triggered locally with user interaction, with availability impact listed as HIGH. No remediation or patch details are pr...
CVE-2022-43282
CVE-2022-43282 affects wasm-interp v1.0.29. The issue is an out-of-bounds read in OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. Impact is high as per CVSS metrics (local access, user interaction required). PT-Security notes the issue and provides a workaround: restrict access to the On...
CVE-2025-2584
CVE-2025-2584 affects WebAssembly wabt 1.0.36. The vulnerability targets BinaryReaderInterp::GetReturnCallDropKeepCount in wabt/src/interp/binary-reader-interp.cc, enabling a heap-based buffer overflow. It can be triggered remotely; exploitation is deemed high complexity, and user interaction is ...
CVE-2022-43283
CVE-2022-43283 affects wasm2c v1.0.29, where an abort occurs in CWriter::Write. The root cause is an internal abort in that function, with CVSSv3.1 base score 5.5 (Medium): Local attack vector, no privileges required, user interaction needed, and availability impact is High. Publicly provided det...
CVE-2022-43280
CVE-2022-43280 affects wasm-interp v1.0.29 and is due to an out-of-bounds read in OnReturnCallExpr->GetReturnCallDropKeepCount. Impact per sources is HIGH (confidentiality and availability), with local attack vector and user interaction required. Public details across connected documents confi...
CVE-2025-6274
CVE-2025-6274 affects WebAssembly wabt up to 1.0.37, specifically OnDataCount in src/interp/binary-reader-interp.cc. The issue is caused by input manipulation that leads to resource consumption, enabling a local attacker to trigger denial-of-service behavior. The exploit has been disclosed public...
CVE-2025-15411
CVE-2025-15411 affects WebAssembly wabt
CVE-2025-6275
CVE-2025-6275 concerns WebAssembly wabt up to 1.0.37. The vulnerability affects the function GetFuncOffset in src/interp/binary-reader-interp.cc, where manipulation can lead to a use-after-free. It permits a local attack, with at least one public disclosure of an exploit. Connected sources consis...
CVE-2025-15412
CVE-2025-15412 affects WebAssembly wabt up to 1.0.39, specifically the function wabt::Decompiler::VarName in /src/repro/wabt/bin/wasm-decompile of the wasm-decompile component. The issue enables an out-of-bounds read and requires local access to exploit. The exploit has been disclosed publicly, a...
CVE-2025-6273
The CVE-2025-6273 entry concerns WebAssembly wabt up to 1.0.37. It affects the LogOpcode function in src/binary-reader-objdump.cc, where input manipulation can trigger a reachable assertion. Local access is required, and the exploit has been disclosed publicly; the code maintainer notes the issue...