CVE-2025-62711

Low CVSS: 2.1

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.

Vendor

Bytecodealliance

Product

Wasmtime

CWE

CWE-755

Yayın Tarihi

2025-10-24 22:15:49

Güncelleme

2025-11-03 19:26:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-755 Wasmtime LOW Bytecodealliance 2025

Referanslar

https://github.com/bytecodealliance/wasmtime/commit/192f2fcdadfec9d0cf6b58548a85a7307450cbf5 https://github.com/bytecodealliance/wasmtime/pull/11592 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc

Benzer Kayıtlar

Medium

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the def…

Medium

CVE-2026-27204

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implemen…

Medium

CVE-2026-27572

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implemen…

Medium

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x8…

Medium

CVE-2025-64704

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is…

Medium

CVE-2025-64713

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-…