CNNVD-202511-2697 Information
CNNVD ID
CNNVD-202511-2697
Related CVE
- CNNVD Published: 2025-11-25
Description (Chinese)
WebAssembly Micro Runtime(WAMR)是Bytecode Alliance开源的一种轻量级的独立 WebAssembly 运行时。具有占用空间小、高性能和高度可配置的功能,适用于从嵌入式、物联网、边缘到可信执行环境 (TEE)、智能合约、云原生等应用程序。 WebAssembly Micro Runtime 2.4.4之前版本存在代码问题漏洞,该漏洞源于v128.store指令中存在分段错误。
Description (English)
WebAssembly Micro Runtime (WAMR) is a lightweight independent of the Bytecode Alliance open source WebAssembly running. It has small, high-performance and highly configurable functions that apply to applications ranging from embedded, networked, edged to a credible implementation environment (TEE), smart contracts, clouds, etc. There was a code breach in the pre-WebAssembly Micro Runtime 2.4.4 version, which originated from a break error in the V128.store directive.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Bytecode Alliance
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4 https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr
Patch
https://github.com/bytecodealliance/wasm-micro-runtime/releases
Share on: