CNNVD-202509-2375 Information
CNNVD ID
CNNVD-202509-2375
Related CVE
- CNNVD Published: 2025-09-16
Description (Chinese)
WebAssembly Micro Runtime(WAMR)是Bytecode Alliance开源的一种轻量级的独立 WebAssembly 运行时。具有占用空间小、高性能和高度可配置的功能,适用于从嵌入式、物联网、边缘到可信执行环境 (TEE)、智能合约、云原生等应用程序。 WebAssembly Micro Runtime 2.4.2之前版本存在安全漏洞,该漏洞源于在LLVM-JIT模式下执行内存填充指令时处理不当,可能导致运行时挂起或崩溃。
Description (English)
WebAssembly Micro Runtime (WAMR) is a lightweight independent of the Bytecode Alliance open source WebAssembly running. It has small, high-performance and highly configurable functions that apply to applications ranging from embedded, networked, edged to a credible implementation environment (TEE), smart contracts, clouds, etc. There is a security loophole in the pre-WebAssembly Micro Runtime 2.4.2 that arises from the inappropriate handling of memory filling instructions in the LLVM-JIT mode, which may lead to hanging or crashing while running.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Bytedeco
Published
2025-09-16
Last Modified
2026-02-24
References
https://github.com/bytecodealliance/wasm-micro-runtime/commit/95f506a6e77d3ac7588eac7263f95558edfa7f3b https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-xj5p-r8jq-pw47 https://access.redhat.com/security/cve/cve-2025-58749
Patch
https://github.com/bytecodealliance/wasm-micro-runtime/releases
Share on: