CNNVD-202512-3815 Information

Dec 19, 2025 cve

CNNVD ID

CNNVD-202512-3815

CVE-2025-14956

CNNVD Published: 2025-12-19

Description (Chinese)

Binaryen是WebAssembly开源的一款使用C++编写的用于WebAssembly的编译器基础结构和工具链库。 Binaryen 125及之前版本存在安全漏洞，该漏洞源于函数WasmBinaryReader::readExport的错误操作，可能导致堆缓冲区溢出。

Description (English)

Binaryen is a section of WebAssembly Open Source that uses the C++ for WebAssembly’s compiler infrastructure and tool chains. There is a security loophole in Binaryen 125 and earlier versions, which stems from an error in the function Wasm BinaryReader::readExport, which could result in a spill over the buffer zone.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WebAssembly

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/WebAssembly/binaryen/commit/4f52bff8c4075b5630422f902dd92a0af2c9f398 https://github.com/WebAssembly/binaryen/issues/8089 https://github.com/WebAssembly/binaryen/pull/8092 https://github.com/oneafter/1204/blob/main/hbf https://vuldb.com/?ctiid.337592 https://vuldb.com/?id.337592 https://vuldb.com/?submit.717315

Share on: