bytecodealliance wasm-micro-runtime
Moderate fix1 remedy
cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 2.4.3
WebAssembly Micro Runtime Segmentation Fault Vulnerability in v128.store Instruction
Vulnerability
Patched
A segmentation fault vulnerability has been identified in WebAssembly Micro Runtime (WAMR) versions through 2.4.3. The issue arises in the classic interpreter when handling SIMD opcodes, specifically during the v128.store instruction, leading to an unhandled segmentation fault and a core dump.
Impact
Exploitation of this vulnerability causes a segmentation fault, resulting in a crash of the application and a core dump.
Reproduction
The vulnerability can be reproduced by saving the WASM file '0_v128.wasm' and running it with the IWASM interpreter version 2.4.3 on Ubuntu 20.04. This can be done by using the command 'iwasm/iwasm --interp -f main corpus/0_v128.wasm', which will trigger the segmentation fault.
Remediation
Users can upgrade to WAMR version 2.4.4, where this vulnerability has been patched.
Added: Nov 25, 2025, 11:19 PM
Updated: Nov 25, 2025, 11:19 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
5.8remediation
7.7relevance
1.2threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.