CNNVD-202507-2463 Information

CNNVD ID

CNNVD-202507-2463

Related CVE

CVE-2025-53901

• CNNVD Published: 2025-07-18

Description (Chinese)

Bytecode Alliance Wasmtime是Bytecode Alliance开源的一个独立的仅用于 WebAssembly 和 WASI 的 wasm 优化软件。 Bytecode Alliance Wasmtime 24.0.4、33.0.2和34.0.2之前版本存在安全漏洞，该漏洞源于WASIp1实现缺陷，可能导致拒绝服务。

Description (English)

Bytecode Alliance Wasmtime is an independent, open-source software for WebAssembly and Wasi only. The security gap that existed prior to Bytecode Alliance 24.0.4, 33.0.2 and 34.0.2 resulted from the deficiencies achieved by WASIp 1, which could lead to the denial of services.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Bytecode Alliance

Published

2025-07-18

Last Modified

2026-02-24

References

https://docs.wasmtime.dev/security-what-is-considered-a-security-vulnerability.html https://docs.wasmtime.dev/stability-release.html https://github.com/bytecodealliance/wasmtime/blob/037a6edadbc225decbea00a551aabf04203717d9/crates/wasi/src/preview1.rs#L1824-L1836 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc https://github.com/WebAssembly/WASI/blob/e1aa1cae4dda4c1f70f23fe11e922aae92f240a8/legacy/preview1/witx/wasi_snapshot_preview1.witx#L245-L260

Patch

https://wasmtime.dev/