CVE-2025-62711

Published: 24 Oct 2025
Source: redhat
CVSS3: 3.7
EPSS: Low

Description

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.

A Denial of Service vulnerability has been identified in the Wasmtime WebAssembly runtime, affecting versions 38.0.0 through 38.0.2. An attacker can exploit this flaw by providing a carefully crafted WebAssembly component and invoking it in a specific manner. This malicious action causes the host process to crash, leading to a complete disruption of service for applications utilizing the vulnerable runtime.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Connectivity Link 1 | rhcl-1/wasm-shim-rhel9 | Fix deferred | | |

Additional information

Status: Low
Weakness: CWE-755
https://bugzilla.redhat.com/show_bug.cgi?id=2406269 (wasmtime: Wasmtime vulnerable to segfault when using component resources)

EPSS: 0.00012 (percentile: 2%), Low

CVSS3: 3.7 Low

Related vulnerabilities

CVSS3: 3.1
ubuntu
5 months ago

CVSS3: 3.1
nvd
5 months ago

CVSS3: 3.1
debian
5 months ago

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to befo ...

github
5 months ago

Wasmtime vulnerable to segfault when using component resources