WebAssembly wabt
cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*
- <= 1.0.37
A use-after-free vulnerability has been identified in WABT (the WebAssembly Binary Toolkit), in versions up to 1.0.37. The issue arises in the function 'GetFuncOffset' in 'src/interp/binary-reader-interp.cc'. The vulnerability can be exploited locally and leads to a denial-of-service condition by triggering a heap-use-after-free error. It has been publicly disclosed, and an exploit is available.
Exploitation of this vulnerability causes a heap-use-after-free error, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced using a fuzzing harness that is part of the OSS-Fuzz project. After compiling Wabt with AddressSanitizer enabled, the fuzzer can be run with a specially crafted WebAssembly file that triggers the use-after-free condition.
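For triage of AddressSanitizer output from such a fuzzing run, the following added example (not code from the advisory, WABT or OSS-Fuzz) checks whether a report matches this advisory's signature: a heap-use-after-free whose faulting access stack contains 'GetFuncOffset' in 'src/interp/binary-reader-interp.cc'. It assumes the standard ASan text report layout; the sample reports, their addresses, line numbers and caller frames are constructed placeholders.

```python
import re

# Signature taken from the advisory text above.
BUG_CLASS = "heap-use-after-free"
FUNC = "GetFuncOffset"
SOURCE = "src/interp/binary-reader-interp.cc"

ERROR_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+)")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+?) (\S+)$")
SECTIONS = (  # line prefix -> which of ASan's three stacks follows
    (re.compile(r"^(READ|WRITE) of size \d+"), "access"),
    (re.compile(r"^freed by thread"), "free"),
    (re.compile(r"^previously allocated by thread"), "alloc"),
)

def parse_report(text):
    """Return (bug_class, {"access"|"free"|"alloc": [(function, location), ...]})."""
    bug_class, section, stacks = None, None, {}
    for line in text.splitlines():
        if (m := ERROR_RE.match(line)):
            bug_class = m.group(1)
        for pattern, name in SECTIONS:
            if pattern.match(line):
                section = name
        if section and (m := FRAME_RE.match(line)):
            stacks.setdefault(section, []).append((m.group(1), m.group(2)))
    return bug_class, stacks

def matches_advisory(text):
    """True only if the faulting access itself is in GetFuncOffset."""
    bug_class, stacks = parse_report(text)
    return bug_class == BUG_CLASS and any(
        FUNC in func and SOURCE in loc for func, loc in stacks.get("access", []))

# Constructed sample reports: addresses, line numbers and caller frames are placeholders.
SAMPLE_MATCH = """\
==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x500000
READ of size 8 at 0x602000000010 thread T0
    #0 0x500000 in GetFuncOffset /src/wabt/src/interp/binary-reader-interp.cc:1:1
    #1 0x500100 in placeholder_caller /src/wabt/placeholder.cc:1:1
freed by thread T0 here:
    #0 0x4f0000 in operator delete(void*) (/out/fuzzer+0x4f0000)
previously allocated by thread T0 here:
    #0 0x4e0000 in operator new(unsigned long) (/out/fuzzer+0x4e0000)
"""
# Same bug class, but the faulting read is elsewhere: must not be bucketed with this advisory.
SAMPLE_OTHER = SAMPLE_MATCH.replace(
    "in GetFuncOffset /src/wabt/src/interp/binary-reader-interp.cc",
    "in placeholder_fn /src/wabt/placeholder.cc")

if __name__ == "__main__":
    print(matches_advisory(SAMPLE_MATCH), matches_advisory(SAMPLE_OTHER))
```

Matching on the access stack rather than the free or allocation stacks keeps unrelated use-after-free crashes out of this advisory's bucket.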