Webassembly: Security Vulnerabilities
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-19
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-19
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-03-21
WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-10-23
WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-10-23
A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-08-22
Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-08-22
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-23
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-05-23
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-03-10
Page 1