Bytecodealliance

Webassembly Micro Runtime

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-58749

Exploit
  • EPSS 0.06%
  • Veröffentlicht 16.09.2025 15:53:35
  • Zuletzt bearbeitet 20.09.2025 02:58:23

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill ins...

5.3

CVE-2025-54126

Exploit
  • EPSS 0.05%
  • Veröffentlicht 29.07.2025 21:52:36
  • Zuletzt bearbeitet 23.09.2025 17:58:43

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 addre...

5.5

CVE-2025-43853

Exploit
  • EPSS 0.02%
  • Veröffentlicht 15.05.2025 17:13:11
  • Zuletzt bearbeitet 19.09.2025 18:10:45

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built wi...

7.5

CVE-2024-27532

Exploit
  • EPSS 0.3%
  • Veröffentlicht 08.11.2024 22:15:15
  • Zuletzt bearbeitet 29.09.2025 14:41:30

wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.

7.8

CVE-2024-25431

Exploit
  • EPSS 0.42%
  • Veröffentlicht 08.11.2024 17:15:06
  • Zuletzt bearbeitet 14.11.2024 20:42:47

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.

6.2

CVE-2024-34250

Exploit
  • EPSS 0.11%
  • Veröffentlicht 06.05.2024 16:15:14
  • Zuletzt bearbeitet 13.06.2025 13:10:55

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c.

7.5

CVE-2024-34251

Exploit
  • EPSS 0.33%
  • Veröffentlicht 06.05.2024 16:15:14
  • Zuletzt bearbeitet 13.06.2025 13:09:18

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h.

5.5

CVE-2023-52284

Exploit
  • EPSS 0.05%
  • Veröffentlicht 31.12.2023 06:15:08
  • Zuletzt bearbeitet 21.11.2024 08:39:30

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.

7.5

CVE-2023-48105

Exploit
  • EPSS 0.37%
  • Veröffentlicht 22.11.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 08:31:05

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.