CVE-2025-2368

17.03.2025, 08:15

A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
VulDB	CNA	6.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Debian Releases

Debian Product

Codename

wabt

bullseye	unimportant
bookworm	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

wabt

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://github.com/WebAssembly/wabt/issues/2537

https://github.com/WebAssembly/wabt/issues/2556

https://github.com/WebAssembly/wabt/issues/2556#issue-2899598349

https://github.com/WebAssembly/wabt/pull/2541

https://vuldb.com/?ctiid.299867

https://vuldb.com/?id.299867

https://vuldb.com/?submit.515327