Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    90 vulnerabilities by WebAssembly

    CVE-2026-8257 (GCVE-0-2026-8257)

    Vulnerability from nvd – Published: 2026-05-11 00:30 – Updated: 2026-05-11 17:31 X_Open Source
    VLAI
    Title
    WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion
    Summary
    A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    WebAssembly Binaryen Affected: 117
        cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    pwn3rd (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8257",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:57:14.190670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T17:31:23.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "BrOn Parser"
              ],
              "product": "Binaryen",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "117"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "pwn3rd (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T00:30:13.661Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362554 | WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362554"
            },
            {
              "name": "VDB-362554 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362554/cti"
            },
            {
              "name": "Submit #809552 | WebAssembly Community Binaryen main branch commit 3ef8d19 (v117 development version, vulnerable version before fix commit 1251efb) Fixed version: commit 1251ef Assertion Failure, Denial of Service (Local DoS)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/809552"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/issues/8633"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/pull/8635"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/binaryen/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-10T17:02:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8257",
        "datePublished": "2026-05-11T00:30:13.661Z",
        "dateReserved": "2026-05-10T14:57:05.580Z",
        "dateUpdated": "2026-05-11T17:31:23.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15412 (GCVE-0-2025-15412)

    Vulnerability from nvd – Published: 2026-01-01 20:32 – Updated: 2026-02-23 08:03
    VLAI
    Title
    WebAssembly wabt wasm-decompile VarName out-of-bounds
    Summary
    A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Affected: 1.0.38
    Affected: 1.0.39
        cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15412",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-05T21:04:45.525921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-05T21:05:04.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "wasm-decompile"
              ],
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                },
                {
                  "status": "affected",
                  "version": "1.0.38"
                },
                {
                  "status": "affected",
                  "version": "1.0.39"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-Bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:03:40.223Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339333 | WebAssembly wabt wasm-decompile VarName out-of-bounds",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339333"
            },
            {
              "name": "VDB-339333 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339333"
            },
            {
              "name": "Submit #719826 | WebAssembly wabt 1.0.39 and master-branch Memory Corruption",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.719826"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2678"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1208/blob/main/af1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/wabt/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-06T17:41:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt wasm-decompile VarName out-of-bounds"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15412",
        "datePublished": "2026-01-01T20:32:06.684Z",
        "dateReserved": "2026-01-01T09:19:01.354Z",
        "dateUpdated": "2026-02-23T08:03:40.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15411 (GCVE-0-2025-15411)

    Vulnerability from nvd – Published: 2026-01-01 19:32 – Updated: 2026-02-23 08:03
    VLAI
    Title
    WebAssembly wabt wasm-decompile InsertNode memory corruption
    Summary
    A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Affected: 1.0.38
    Affected: 1.0.39
        cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15411",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-05T21:03:24.165884Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-05T21:04:04.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "wasm-decompile"
              ],
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                },
                {
                  "status": "affected",
                  "version": "1.0.38"
                },
                {
                  "status": "affected",
                  "version": "1.0.39"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:03:27.517Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339332 | WebAssembly wabt wasm-decompile InsertNode memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339332"
            },
            {
              "name": "VDB-339332 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339332"
            },
            {
              "name": "Submit #719825 | WebAssembly wabt 1.0.39 and master-branch Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.719825"
            },
            {
              "name": "Submit #736404 | WebAssembly wabt 1.0.39 and master-branch Use After Free (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.736404"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2679"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1208/blob/main/af1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/wabt/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-06T17:41:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt wasm-decompile InsertNode memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15411",
        "datePublished": "2026-01-01T19:32:07.421Z",
        "dateReserved": "2026-01-01T09:18:56.704Z",
        "dateUpdated": "2026-02-23T08:03:27.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14957 (GCVE-0-2025-14957)

    Vulnerability from nvd – Published: 2025-12-19 17:02 – Updated: 2026-02-24 05:57 X_Open Source
    VLAI
    Title
    WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference
    Summary
    A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    WebAssembly Binaryen Affected: 125
        cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:23:29.619634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T17:59:48.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "IRBuilder"
              ],
              "product": "Binaryen",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "125"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T05:57:44.642Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-337593 | WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.337593"
            },
            {
              "name": "VDB-337593 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.337593"
            },
            {
              "name": "Submit #717317 | WebAssembly binaryen e7706b3 Memory Corruption",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.717317"
            },
            {
              "name": "Submit #717319 | WebAssembly binaryen e7706b3 Memory Corruption (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.717319"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/issues/8090"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/pull/8099"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1204/blob/main/af1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/binaryen/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-30T20:37:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14957",
        "datePublished": "2025-12-19T17:02:16.843Z",
        "dateReserved": "2025-12-19T08:53:10.207Z",
        "dateUpdated": "2026-02-24T05:57:44.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14956 (GCVE-0-2025-14956)

    Vulnerability from nvd – Published: 2025-12-19 16:32 – Updated: 2026-02-24 05:57 X_Open Source
    VLAI
    Title
    WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow
    Summary
    A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    WebAssembly Binaryen Affected: 125
        cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:24:53.817424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T18:00:41.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*"
              ],
              "product": "Binaryen",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "125"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T05:57:29.961Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-337592 | WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.337592"
            },
            {
              "name": "VDB-337592 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.337592"
            },
            {
              "name": "Submit #717315 | WebAssembly binaryen 9a226ac Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.717315"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/issues/8089"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/pull/8092"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1204/blob/main/hbf"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/commit/4f52bff8c4075b5630422f902dd92a0af2c9f398"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/binaryen/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-30T20:37:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14956",
        "datePublished": "2025-12-19T16:32:12.536Z",
        "dateReserved": "2025-12-19T08:38:51.694Z",
        "dateUpdated": "2026-02-24T05:57:29.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6275 (GCVE-0-2025-6275)

    Vulnerability from nvd – Published: 2025-06-19 19:31 – Updated: 2025-06-23 19:30
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free
    Summary
    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Create a notification for this product.
    Credits
    JJLeo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6275",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T16:16:43.780070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T19:30:26.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2614"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JJLeo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect \"real world wasm programs\". Therefore, this entry might get disputed as well in the future."
            },
            {
              "lang": "de",
              "value": "In WebAssembly wabt bis 1.0.37 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion GetFuncOffset der Datei src/interp/binary-reader-interp.cc. Durch Beeinflussen mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T19:31:06.618Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313279 | WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313279"
            },
            {
              "name": "VDB-313279 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313279"
            },
            {
              "name": "Submit #593017 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Use After Free",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.593017"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2614"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/user-attachments/files/20623626/wabt_crash_5.txt"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T08:44:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6275",
        "datePublished": "2025-06-19T19:31:06.618Z",
        "dateReserved": "2025-06-19T06:38:13.004Z",
        "dateUpdated": "2025-06-23T19:30:26.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6274 (GCVE-0-2025-6274)

    Vulnerability from nvd – Published: 2025-06-19 19:00 – Updated: 2025-06-23 19:30
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption
    Summary
    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Create a notification for this product.
    Credits
    JJLeo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6274",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T16:16:49.045628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T19:30:32.208Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2598"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JJLeo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect \"real world wasm programs\". Therefore, this entry might get disputed as well in the future."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in WebAssembly wabt bis 1.0.37 ausgemacht. Dabei betrifft es die Funktion OnDataCount der Datei src/interp/binary-reader-interp.cc. Durch das Beeinflussen mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T19:00:16.150Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313278 | WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313278"
            },
            {
              "name": "VDB-313278 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313278"
            },
            {
              "name": "Submit #593016 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Uncontrolled Memory Allocation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.593016"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2598"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/user-attachments/files/20191325/wabt_crash_4.txt"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T08:44:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6274",
        "datePublished": "2025-06-19T19:00:16.150Z",
        "dateReserved": "2025-06-19T06:38:09.849Z",
        "dateUpdated": "2025-06-23T19:30:32.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6273 (GCVE-0-2025-6273)

    Vulnerability from nvd – Published: 2025-06-19 18:31 – Updated: 2025-06-23 19:30 Disputed
    VLAI
    Title
    WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion
    Summary
    A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Create a notification for this product.
    Credits
    JJLeo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6273",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T16:16:54.491286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T19:30:37.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2574"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JJLeo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect \"real world wasm programs\"."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in WebAssembly wabt bis 1.0.37 gefunden. Dies betrifft die Funktion LogOpcode der Datei src/binary-reader-objdump.cc. Durch Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T18:31:06.692Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313277 | WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313277"
            },
            {
              "name": "VDB-313277 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313277"
            },
            {
              "name": "Submit #593010 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Reachable Assertion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.593010"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2574"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/user-attachments/files/19529411/wabt_crash.txt"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T08:44:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6273",
        "datePublished": "2025-06-19T18:31:06.692Z",
        "dateReserved": "2025-06-19T06:38:03.623Z",
        "dateUpdated": "2025-06-23T19:30:37.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3122 (GCVE-0-2025-3122)

    Vulnerability from nvd – Published: 2025-04-02 22:00 – Updated: 2025-04-03 19:18
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference
    Summary
    A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.303013 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.303013 signaturepermissions-required
    https://vuldb.com/?submit.525091 third-party-advisory
    https://github.com/WebAssembly/wabt/issues/2565 issue-tracking
    https://github.com/WebAssembly/wabt/issues/2565#i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.36
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3122",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T19:17:51.412037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:18:20.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.36"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In WebAssembly wabt 1.0.36 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion BinaryReaderInterp::BeginFunctionBody der Datei src/interp/binary-reader-interp.cc. Durch das Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T22:00:14.705Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303013 | WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.303013"
            },
            {
              "name": "VDB-303013 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303013"
            },
            {
              "name": "Submit #525091 | https://github.com/WebAssembly/wabt wabt 1.0.36 NULL Pointer Dereference",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.525091"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2565"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2565#issue-2927572319"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-02T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-02T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-02T15:42:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3122",
        "datePublished": "2025-04-02T22:00:14.705Z",
        "dateReserved": "2025-04-02T13:37:36.642Z",
        "dateUpdated": "2025-04-03T19:18:20.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2584 (GCVE-0-2025-2584)

    Vulnerability from nvd – Published: 2025-03-21 07:31 – Updated: 2025-03-21 12:29
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow
    Summary
    A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300544 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.300544 signaturepermissions-required
    https://vuldb.com/?submit.515406 third-party-advisory
    https://github.com/WebAssembly/wabt/issues/2557 issue-tracking
    https://github.com/WebAssembly/wabt/issues/2557#i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.36
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2584",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T12:29:43.060139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T12:29:54.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.36"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In WebAssembly wabt 1.0.36 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion BinaryReaderInterp::GetReturnCallDropKeepCount der Datei wabt/src/interp/binary-reader-interp.cc. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-21T07:31:03.732Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300544 | WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.300544"
            },
            {
              "name": "VDB-300544 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300544"
            },
            {
              "name": "Submit #515406 | https://github.com/WebAssembly/wabt wabt v1.0.36 Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.515406"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2557"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2557#issue-2900405517"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-20T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-21T00:06:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2584",
        "datePublished": "2025-03-21T07:31:03.732Z",
        "dateReserved": "2025-03-20T23:01:41.046Z",
        "dateUpdated": "2025-03-21T12:29:54.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2368 (GCVE-0-2025-2368)

    Vulnerability from nvd – Published: 2025-03-17 08:00 – Updated: 2025-03-17 16:25
    VLAI
    Title
    WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow
    Summary
    A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.36
    Create a notification for this product.
    Credits
    VulDB GitHub Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2368",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-17T16:24:32.904421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T16:25:00.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Malformed File Handler"
              ],
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.36"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in WebAssembly wabt 1.0.36 gefunden. Dies betrifft die Funktion wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport der Datei wabt/src/interp/binary-reader-interp.cc der Komponente Malformed File Handler. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-17T08:00:05.922Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-299867 | WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.299867"
            },
            {
              "name": "VDB-299867 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.299867"
            },
            {
              "name": "Submit #515327 | https://github.com/WebAssembly/wabt wabt v1.0.36 Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.515327"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2556"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2537"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2556#issue-2899598349"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/WebAssembly/wabt/pull/2541"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-16T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-16T13:54:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2368",
        "datePublished": "2025-03-17T08:00:05.922Z",
        "dateReserved": "2025-03-16T12:47:32.747Z",
        "dateUpdated": "2025-03-17T16:25:00.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46331 (GCVE-0-2023-46331)

    Vulnerability from nvd – Published: 2023-10-23 00:00 – Updated: 2024-09-17 14:21
    VLAI
    Summary
    WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2310"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46331",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T18:45:31.736555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:21:45.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T16:03:55.341Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/wabt/issues/2310"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46331",
        "datePublished": "2023-10-23T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T14:21:45.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46332 (GCVE-0-2023-46332)

    Vulnerability from nvd – Published: 2023-10-23 00:00 – Updated: 2024-09-17 14:21
    VLAI
    Summary
    WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2311"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46332",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T18:47:55.170627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:21:11.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T16:00:44.624Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/wabt/issues/2311"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46332",
        "datePublished": "2023-10-23T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T14:21:11.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-18382 (GCVE-0-2020-18382)

    Vulnerability from nvd – Published: 2023-08-22 00:00 – Updated: 2024-10-07 15:46
    VLAI
    Summary
    Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T14:00:49.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/binaryen/issues/1900"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-18382",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:45:55.966520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:46:14.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-22T15:45:46.416Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/binaryen/issues/1900"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-18382",
        "datePublished": "2023-08-22T00:00:00.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-10-07T15:46:14.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-18378 (GCVE-0-2020-18378)

    Vulnerability from nvd – Published: 2023-08-22 00:00 – Updated: 2024-10-03 20:30
    VLAI
    Summary
    A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T14:00:49.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/binaryen/issues/1900"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-18378",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T20:26:34.106830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:30:39.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-22T15:45:45.912Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/binaryen/issues/1900"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-18378",
        "datePublished": "2023-08-22T00:00:00.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:30:39.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-8257 (GCVE-0-2026-8257)

    Vulnerability from cvelistv5 – Published: 2026-05-11 00:30 – Updated: 2026-05-11 17:31 X_Open Source
    VLAI
    Title
    WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion
    Summary
    A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    WebAssembly Binaryen Affected: 117
        cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    pwn3rd (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8257",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:57:14.190670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T17:31:23.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "BrOn Parser"
              ],
              "product": "Binaryen",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "117"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "pwn3rd (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit is now public and may be used. The patch is named 1251efbc1ea471c1311d2726b2bbe061ff2a291c. It is suggested to install a patch to address this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T00:30:13.661Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362554 | WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362554"
            },
            {
              "name": "VDB-362554 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362554/cti"
            },
            {
              "name": "Submit #809552 | WebAssembly Community Binaryen main branch commit 3ef8d19 (v117 development version, vulnerable version before fix commit 1251efb) Fixed version: commit 1251ef Assertion Failure, Denial of Service (Local DoS)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/809552"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/issues/8633"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/pull/8635"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://github.com/HackC0der/CVE-Repos/blob/main/wasm-binaryen/Assertion_Failure_isRef_wasm_Type_getHeapType_commit_3ef8d19"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/commit/1251efbc1ea471c1311d2726b2bbe061ff2a291c"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/binaryen/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-10T17:02:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8257",
        "datePublished": "2026-05-11T00:30:13.661Z",
        "dateReserved": "2026-05-10T14:57:05.580Z",
        "dateUpdated": "2026-05-11T17:31:23.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15412 (GCVE-0-2025-15412)

    Vulnerability from cvelistv5 – Published: 2026-01-01 20:32 – Updated: 2026-02-23 08:03
    VLAI
    Title
    WebAssembly wabt wasm-decompile VarName out-of-bounds
    Summary
    A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Affected: 1.0.38
    Affected: 1.0.39
        cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15412",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-05T21:04:45.525921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-05T21:05:04.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "wasm-decompile"
              ],
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                },
                {
                  "status": "affected",
                  "version": "1.0.38"
                },
                {
                  "status": "affected",
                  "version": "1.0.39"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-Bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:03:40.223Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339333 | WebAssembly wabt wasm-decompile VarName out-of-bounds",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339333"
            },
            {
              "name": "VDB-339333 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339333"
            },
            {
              "name": "Submit #719826 | WebAssembly wabt 1.0.39 and master-branch Memory Corruption",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.719826"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2678"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1208/blob/main/af1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/wabt/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-06T17:41:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt wasm-decompile VarName out-of-bounds"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15412",
        "datePublished": "2026-01-01T20:32:06.684Z",
        "dateReserved": "2026-01-01T09:19:01.354Z",
        "dateUpdated": "2026-02-23T08:03:40.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15411 (GCVE-0-2025-15411)

    Vulnerability from cvelistv5 – Published: 2026-01-01 19:32 – Updated: 2026-02-23 08:03
    VLAI
    Title
    WebAssembly wabt wasm-decompile InsertNode memory corruption
    Summary
    A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Affected: 1.0.38
    Affected: 1.0.39
        cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15411",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-05T21:03:24.165884Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-05T21:04:04.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "wasm-decompile"
              ],
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                },
                {
                  "status": "affected",
                  "version": "1.0.38"
                },
                {
                  "status": "affected",
                  "version": "1.0.39"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:03:27.517Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339332 | WebAssembly wabt wasm-decompile InsertNode memory corruption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339332"
            },
            {
              "name": "VDB-339332 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339332"
            },
            {
              "name": "Submit #719825 | WebAssembly wabt 1.0.39 and master-branch Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.719825"
            },
            {
              "name": "Submit #736404 | WebAssembly wabt 1.0.39 and master-branch Use After Free (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.736404"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2679"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1208/blob/main/af1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/wabt/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-06T17:41:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt wasm-decompile InsertNode memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15411",
        "datePublished": "2026-01-01T19:32:07.421Z",
        "dateReserved": "2026-01-01T09:18:56.704Z",
        "dateUpdated": "2026-02-23T08:03:27.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14957 (GCVE-0-2025-14957)

    Vulnerability from cvelistv5 – Published: 2025-12-19 17:02 – Updated: 2026-02-24 05:57 X_Open Source
    VLAI
    Title
    WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference
    Summary
    A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    WebAssembly Binaryen Affected: 125
        cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14957",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:23:29.619634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T17:59:48.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "IRBuilder"
              ],
              "product": "Binaryen",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "125"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T05:57:44.642Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-337593 | WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.337593"
            },
            {
              "name": "VDB-337593 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.337593"
            },
            {
              "name": "Submit #717317 | WebAssembly binaryen e7706b3 Memory Corruption",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.717317"
            },
            {
              "name": "Submit #717319 | WebAssembly binaryen e7706b3 Memory Corruption (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.717319"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/issues/8090"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/pull/8099"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1204/blob/main/af1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/commit/6fb2b917a79578ab44cf3b900a6da4c27251e0d4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/binaryen/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-30T20:37:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14957",
        "datePublished": "2025-12-19T17:02:16.843Z",
        "dateReserved": "2025-12-19T08:53:10.207Z",
        "dateUpdated": "2026-02-24T05:57:44.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14956 (GCVE-0-2025-14956)

    Vulnerability from cvelistv5 – Published: 2025-12-19 16:32 – Updated: 2026-02-24 05:57 X_Open Source
    VLAI
    Title
    WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow
    Summary
    A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    WebAssembly Binaryen Affected: 125
        cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Oneafter (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:24:53.817424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T18:00:41.794Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*"
              ],
              "product": "Binaryen",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "125"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Oneafter (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T05:57:29.961Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-337592 | WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.337592"
            },
            {
              "name": "VDB-337592 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.337592"
            },
            {
              "name": "Submit #717315 | WebAssembly binaryen 9a226ac Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.717315"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/issues/8089"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/binaryen/pull/8092"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/oneafter/1204/blob/main/hbf"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/WebAssembly/binaryen/commit/4f52bff8c4075b5630422f902dd92a0af2c9f398"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/WebAssembly/binaryen/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-30T20:37:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14956",
        "datePublished": "2025-12-19T16:32:12.536Z",
        "dateReserved": "2025-12-19T08:38:51.694Z",
        "dateUpdated": "2026-02-24T05:57:29.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6275 (GCVE-0-2025-6275)

    Vulnerability from cvelistv5 – Published: 2025-06-19 19:31 – Updated: 2025-06-23 19:30
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free
    Summary
    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Create a notification for this product.
    Credits
    JJLeo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6275",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T16:16:43.780070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T19:30:26.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2614"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JJLeo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect \"real world wasm programs\". Therefore, this entry might get disputed as well in the future."
            },
            {
              "lang": "de",
              "value": "In WebAssembly wabt bis 1.0.37 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es die Funktion GetFuncOffset der Datei src/interp/binary-reader-interp.cc. Durch Beeinflussen mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T19:31:06.618Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313279 | WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313279"
            },
            {
              "name": "VDB-313279 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313279"
            },
            {
              "name": "Submit #593017 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Use After Free",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.593017"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2614"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/user-attachments/files/20623626/wabt_crash_5.txt"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T08:44:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6275",
        "datePublished": "2025-06-19T19:31:06.618Z",
        "dateReserved": "2025-06-19T06:38:13.004Z",
        "dateUpdated": "2025-06-23T19:30:26.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6274 (GCVE-0-2025-6274)

    Vulnerability from cvelistv5 – Published: 2025-06-19 19:00 – Updated: 2025-06-23 19:30
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption
    Summary
    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Create a notification for this product.
    Credits
    JJLeo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6274",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T16:16:49.045628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T19:30:32.208Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2598"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JJLeo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect \"real world wasm programs\". Therefore, this entry might get disputed as well in the future."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in WebAssembly wabt bis 1.0.37 ausgemacht. Dabei betrifft es die Funktion OnDataCount der Datei src/interp/binary-reader-interp.cc. Durch das Beeinflussen mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T19:00:16.150Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313278 | WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313278"
            },
            {
              "name": "VDB-313278 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313278"
            },
            {
              "name": "Submit #593016 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Uncontrolled Memory Allocation",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.593016"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2598"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/user-attachments/files/20191325/wabt_crash_4.txt"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T08:44:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6274",
        "datePublished": "2025-06-19T19:00:16.150Z",
        "dateReserved": "2025-06-19T06:38:09.849Z",
        "dateUpdated": "2025-06-23T19:30:32.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6273 (GCVE-0-2025-6273)

    Vulnerability from cvelistv5 – Published: 2025-06-19 18:31 – Updated: 2025-06-23 19:30 Disputed
    VLAI
    Title
    WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion
    Summary
    A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Affected: 1.0.19
    Affected: 1.0.20
    Affected: 1.0.21
    Affected: 1.0.22
    Affected: 1.0.23
    Affected: 1.0.24
    Affected: 1.0.25
    Affected: 1.0.26
    Affected: 1.0.27
    Affected: 1.0.28
    Affected: 1.0.29
    Affected: 1.0.30
    Affected: 1.0.31
    Affected: 1.0.32
    Affected: 1.0.33
    Affected: 1.0.34
    Affected: 1.0.35
    Affected: 1.0.36
    Affected: 1.0.37
    Create a notification for this product.
    Credits
    JJLeo (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6273",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T16:16:54.491286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T19:30:37.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2574"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.0.22"
                },
                {
                  "status": "affected",
                  "version": "1.0.23"
                },
                {
                  "status": "affected",
                  "version": "1.0.24"
                },
                {
                  "status": "affected",
                  "version": "1.0.25"
                },
                {
                  "status": "affected",
                  "version": "1.0.26"
                },
                {
                  "status": "affected",
                  "version": "1.0.27"
                },
                {
                  "status": "affected",
                  "version": "1.0.28"
                },
                {
                  "status": "affected",
                  "version": "1.0.29"
                },
                {
                  "status": "affected",
                  "version": "1.0.30"
                },
                {
                  "status": "affected",
                  "version": "1.0.31"
                },
                {
                  "status": "affected",
                  "version": "1.0.32"
                },
                {
                  "status": "affected",
                  "version": "1.0.33"
                },
                {
                  "status": "affected",
                  "version": "1.0.34"
                },
                {
                  "status": "affected",
                  "version": "1.0.35"
                },
                {
                  "status": "affected",
                  "version": "1.0.36"
                },
                {
                  "status": "affected",
                  "version": "1.0.37"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "JJLeo (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect \"real world wasm programs\"."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in WebAssembly wabt bis 1.0.37 gefunden. Dies betrifft die Funktion LogOpcode der Datei src/binary-reader-objdump.cc. Durch Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-19T18:31:06.692Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313277 | WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313277"
            },
            {
              "name": "VDB-313277 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313277"
            },
            {
              "name": "Submit #593010 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Reachable Assertion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.593010"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2574"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/user-attachments/files/19529411/wabt_crash.txt"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T08:44:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6273",
        "datePublished": "2025-06-19T18:31:06.692Z",
        "dateReserved": "2025-06-19T06:38:03.623Z",
        "dateUpdated": "2025-06-23T19:30:37.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3122 (GCVE-0-2025-3122)

    Vulnerability from cvelistv5 – Published: 2025-04-02 22:00 – Updated: 2025-04-03 19:18
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference
    Summary
    A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.303013 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.303013 signaturepermissions-required
    https://vuldb.com/?submit.525091 third-party-advisory
    https://github.com/WebAssembly/wabt/issues/2565 issue-tracking
    https://github.com/WebAssembly/wabt/issues/2565#i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.36
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3122",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T19:17:51.412037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:18:20.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.36"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In WebAssembly wabt 1.0.36 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion BinaryReaderInterp::BeginFunctionBody der Datei src/interp/binary-reader-interp.cc. Durch das Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T22:00:14.705Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303013 | WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.303013"
            },
            {
              "name": "VDB-303013 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303013"
            },
            {
              "name": "Submit #525091 | https://github.com/WebAssembly/wabt wabt 1.0.36 NULL Pointer Dereference",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.525091"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2565"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2565#issue-2927572319"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-02T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-02T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-02T15:42:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3122",
        "datePublished": "2025-04-02T22:00:14.705Z",
        "dateReserved": "2025-04-02T13:37:36.642Z",
        "dateUpdated": "2025-04-03T19:18:20.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2584 (GCVE-0-2025-2584)

    Vulnerability from cvelistv5 – Published: 2025-03-21 07:31 – Updated: 2025-03-21 12:29
    VLAI
    Title
    WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow
    Summary
    A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300544 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.300544 signaturepermissions-required
    https://vuldb.com/?submit.515406 third-party-advisory
    https://github.com/WebAssembly/wabt/issues/2557 issue-tracking
    https://github.com/WebAssembly/wabt/issues/2557#i… exploitissue-tracking
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.36
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2584",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T12:29:43.060139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T12:29:54.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.36"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In WebAssembly wabt 1.0.36 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion BinaryReaderInterp::GetReturnCallDropKeepCount der Datei wabt/src/interp/binary-reader-interp.cc. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-21T07:31:03.732Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300544 | WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.300544"
            },
            {
              "name": "VDB-300544 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300544"
            },
            {
              "name": "Submit #515406 | https://github.com/WebAssembly/wabt wabt v1.0.36 Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.515406"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2557"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2557#issue-2900405517"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-20T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-21T00:06:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2584",
        "datePublished": "2025-03-21T07:31:03.732Z",
        "dateReserved": "2025-03-20T23:01:41.046Z",
        "dateUpdated": "2025-03-21T12:29:54.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2368 (GCVE-0-2025-2368)

    Vulnerability from cvelistv5 – Published: 2025-03-17 08:00 – Updated: 2025-03-17 16:25
    VLAI
    Title
    WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow
    Summary
    A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WebAssembly wabt Affected: 1.0.36
    Create a notification for this product.
    Credits
    VulDB GitHub Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2368",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-17T16:24:32.904421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T16:25:00.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Malformed File Handler"
              ],
              "product": "wabt",
              "vendor": "WebAssembly",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.36"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in WebAssembly wabt 1.0.36 gefunden. Dies betrifft die Funktion wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport der Datei wabt/src/interp/binary-reader-interp.cc der Komponente Malformed File Handler. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-17T08:00:05.922Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-299867 | WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.299867"
            },
            {
              "name": "VDB-299867 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.299867"
            },
            {
              "name": "Submit #515327 | https://github.com/WebAssembly/wabt wabt v1.0.36 Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.515327"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2556"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2537"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/WebAssembly/wabt/issues/2556#issue-2899598349"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/WebAssembly/wabt/pull/2541"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-16T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-16T13:54:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2368",
        "datePublished": "2025-03-17T08:00:05.922Z",
        "dateReserved": "2025-03-16T12:47:32.747Z",
        "dateUpdated": "2025-03-17T16:25:00.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46331 (GCVE-0-2023-46331)

    Vulnerability from cvelistv5 – Published: 2023-10-23 00:00 – Updated: 2024-09-17 14:21
    VLAI
    Summary
    WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:41.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2310"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46331",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T18:45:31.736555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:21:45.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T16:03:55.341Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/wabt/issues/2310"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46331",
        "datePublished": "2023-10-23T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T14:21:45.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46332 (GCVE-0-2023-46332)

    Vulnerability from cvelistv5 – Published: 2023-10-23 00:00 – Updated: 2024-09-17 14:21
    VLAI
    Summary
    WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/wabt/issues/2311"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46332",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T18:47:55.170627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:21:11.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T16:00:44.624Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/wabt/issues/2311"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46332",
        "datePublished": "2023-10-23T00:00:00.000Z",
        "dateReserved": "2023-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T14:21:11.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-18382 (GCVE-0-2020-18382)

    Vulnerability from cvelistv5 – Published: 2023-08-22 00:00 – Updated: 2024-10-07 15:46
    VLAI
    Summary
    Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T14:00:49.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/binaryen/issues/1900"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-18382",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:45:55.966520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:46:14.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-22T15:45:46.416Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/binaryen/issues/1900"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-18382",
        "datePublished": "2023-08-22T00:00:00.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-10-07T15:46:14.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-18378 (GCVE-0-2020-18378)

    Vulnerability from cvelistv5 – Published: 2023-08-22 00:00 – Updated: 2024-10-03 20:30
    VLAI
    Summary
    A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T14:00:49.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/WebAssembly/binaryen/issues/1900"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-18378",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T20:26:34.106830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:30:39.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-22T15:45:45.912Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/WebAssembly/binaryen/issues/1900"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-18378",
        "datePublished": "2023-08-22T00:00:00.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:30:39.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }