CNNVD-202601-007 Information
Jan 01, 2026
cve
CNNVD ID
CNNVD-202601-007
Related CVE
- CNNVD Published: 2026-01-01
Description (Chinese)
WebAssembly wabt是WebAssembly开源的一个WebAssembly二进制工具包。 WebAssembly wabt 1.0.39及之前版本存在缓冲区错误漏洞,该漏洞源于wasm-decompile组件文件/src/repro/wabt/bin/wasm-decompile中wabt::AST::InsertNode函数存在内存损坏,可能导致本地攻击。
Description (English)
WebAssembly Wabt is a WebAssembly binary toolkit from WebAssembly Open Source. WebAssembly 1.0.39 and previous versions contain an error loophole in the buffer zone, originating from the wabt:AST:InsertNode function in the wasm-decompile component file/src/repro/wabt/bin/wasm-decompile, which may cause local attack.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
WebAssembly
Published
2026-01-01
Last Modified
2026-02-24
References
https://github.com/WebAssembly/wabt/issues/2679 https://github.com/oneafter/1208/blob/main/af1 https://vuldb.com/?ctiid.339332 https://vuldb.com/?id.339332 https://vuldb.com/?submit.719825
Share on: