CNNVD-202601-006 Information
CNNVD ID
CNNVD-202601-006
Related CVE
- CNNVD Published: 2026-01-01
Description (Chinese)
WebAssembly wabt是WebAssembly开源的一个WebAssembly二进制工具包。 WebAssembly wabt 1.0.39及之前版本存在缓冲区错误漏洞,该漏洞源于wasm-decompile组件文件/src/repro/wabt/bin/wasm-decompile中wabt::Decompiler::VarName函数存在越界读取,可能导致本地攻击。
Description (English)
WebAssembly Wabt is a WebAssembly binary toolkit from WebAssembly Open Source. WebAssembly 1.0.39 and previous versions have an error loophole in the buffer zone that originates from the wabt: Decompiler: :VarName function in the wasm-decompile component file/src/repro/wabt/bin/wasm-decompile, which can lead to local attacks.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
WebAssembly
Published
2026-01-01
Last Modified
2026-02-24
References
https://github.com/WebAssembly/wabt/issues/2678 https://github.com/oneafter/1208/blob/main/af1 https://vuldb.com/?ctiid.339333 https://vuldb.com/?id.339333 https://vuldb.com/?submit.719826
Share on: