Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6274

Опубликовано: 19 июн. 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

A denial-of-service vulnerability has been identified in WebAssembly's WebAssembly Binary Toolkit (wabt), specifically within the OnDataCount function. This flaw allows an attacker with local access to trigger runaway resource consumption (for example, excessive memory or CPU usage) by manipulating input provided to this function. This uncontrolled resource use can lead to the host operating system terminating the affected process, resulting in a denial of service.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxFix deferred
Red Hat Enterprise Linux 10thunderbirdFix deferred
Red Hat Enterprise Linux 7firefoxFix deferred
Red Hat Enterprise Linux 8firefoxFix deferred
Red Hat Enterprise Linux 8thunderbirdFix deferred
Red Hat Enterprise Linux 9firefoxFix deferred
Red Hat Enterprise Linux 9thunderbirdFix deferred

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
Дефект:
CWE-404
https://bugzilla.redhat.com/show_bug.cgi?id=2373934wabt: WebAssembly wabt excess resource consumption

EPSS

Процентиль: 10%
0.00037
Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVSS3: 3.3
ubuntu
около 2 месяцев назад

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

CVSS3: 3.3
nvd
около 2 месяцев назад

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

CVSS3: 3.3
debian
около 2 месяцев назад

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has bee ...

CVSS3: 3.3
github
около 2 месяцев назад

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

EPSS

Процентиль: 10%
0.00037
Низкий

3.3 Low

CVSS3