CNNVD-202511-2692 Information
CNNVD ID
CNNVD-202511-2692
Related CVE
- CNNVD Published: 2025-11-25
Description (Chinese)
WebAssembly Micro Runtime(WAMR)是Bytecode Alliance开源的一种轻量级的独立 WebAssembly 运行时。具有占用空间小、高性能和高度可配置的功能,适用于从嵌入式、物联网、边缘到可信执行环境 (TEE)、智能合约、云原生等应用程序。 WebAssembly Micro Runtime 2.4.4之前版本存在缓冲区错误漏洞,该漏洞源于快速解释器模式下存在数组越界访问。
Description (English)
WebAssembly Micro Runtime (WAMR) is a lightweight independent of the Bytecode Alliance open source WebAssembly running. It has small, high-performance and highly configurable functions that apply to applications ranging from embedded, networked, edged to a credible implementation environment (TEE), smart contracts, clouds, etc. The previous version of WebAssembly Micro Runtime 2.4.4 had an error loophole in the buffer zone, which stemmed from the presence of a series of cross-border visits under the fast interpretor model.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
Bytecode Alliance
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4 https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-gvx3-gg3x-rjcx
Patch
https://github.com/bytecodealliance/wasm-micro-runtime/releases
Share on: