Filtered by vendor Webassembly
Subscriptions
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6275 | 1 Webassembly | 1 Wabt | 2025-07-02 | 3.3 Low |
| A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future. | ||||
| CVE-2025-6274 | 1 Webassembly | 1 Wabt | 2025-07-02 | 3.3 Low |
| A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future. | ||||
| CVE-2025-6273 | 1 Webassembly | 1 Wabt | 2025-06-23 | 3.3 Low |
| A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs". | ||||
| CVE-2022-43283 | 1 Webassembly | 1 Wabt | 2025-05-08 | 5.5 Medium |
| wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | ||||
| CVE-2022-43282 | 1 Webassembly | 1 Wabt | 2025-05-08 | 7.1 High |
| wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. | ||||
| CVE-2022-43281 | 1 Webassembly | 1 Wasm | 2025-05-08 | 7.8 High |
| wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. | ||||
| CVE-2022-43280 | 1 Webassembly | 1 Wabt | 2025-05-07 | 7.1 High |
| wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. | ||||
| CVE-2025-3122 | 1 Webassembly | 1 Wabt | 2025-04-07 | 3.1 Low |
| A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2584 | 1 Webassembly | 1 Wabt | 2025-03-24 | 5 Medium |
| A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2368 | 1 Webassembly | 1 Wabt | 2025-03-17 | 6.3 Medium |
| A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2023-27119 | 1 Webassembly | 1 Wabt | 2025-02-28 | 5.5 Medium |
| WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. | ||||
| CVE-2023-27115 | 1 Webassembly | 1 Webassembly | 2025-02-28 | 5.5 Medium |
| WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | ||||
| CVE-2023-27116 | 1 Webassembly | 1 Webassembly | 2025-02-28 | 5.5 Medium |
| WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType. | ||||
| CVE-2023-27117 | 1 Webassembly | 1 Webassembly | 2025-02-28 | 7.8 High |
| WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator. | ||||
| CVE-2023-31670 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2025-01-31 | 7.5 High |
| An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | ||||
| CVE-2023-31669 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2025-01-31 | 5.5 Medium |
| WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). | ||||
| CVE-2023-46332 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2024-11-21 | 5.5 Medium |
| WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. | ||||
| CVE-2023-46331 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2024-11-21 | 5.5 Medium |
| WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault. | ||||
| CVE-2021-46055 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 5.5 Medium |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | ||||
| CVE-2021-46054 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 5.5 Medium |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | ||||