Primary

Context

Wasm3 Out-of-Bounds Write Vulnerability in Version 0.5.0

Vulnerability

A vulnerability allowing out-of-bounds write has been identified in Wasm3 version 0.5.0. This issue arises in the 'MarkSlotAllocated' function within 'source/m3_compile.c'. The vulnerability can be exploited locally, leading to a segmentation fault by causing an invalid memory write. This behavior is indicative of a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a segmentation fault, disrupting the application's normal operation and leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by compiling Wasm3 with Clang, using AddressSanitizer to detect memory errors. After building the application, the fuzzer can be used to send a specially crafted input that triggers the out-of-bounds write vulnerability. The AddressSanitizer will report the segmentation fault, confirming the exploitation of the vulnerability.

Added: Jun 19, 2025, 6:22 PM

Updated: Jun 19, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wasm3 Out-of-Bounds Write Vulnerability in Version 0.5.0

Vulnerability

Impact

Reproduction

Affected Products

wasm3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating