CVE-2025-69261

Published: 30 Dec 2025
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound() to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.

A flaw was found in WasmEdge, a WebAssembly runtime. A multiplication error within the checkAccessBound() function can lead to incorrect memory access. This vulnerability allows a remote attacker to trigger a segmentation fault, causing the program to crash and resulting in a Denial of Service (DoS).
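
The bug class described above (CWE-190, a wrapping multiplication inside a bounds check), shown as an added example that is not WasmEdge's code or its patch. The function names, the `count * elem_size` operands and the sample values are assumptions chosen for illustration; the flawed check sits next to a hardened one.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Constructed model, not WasmEdge's code. A linear memory holds `limit` bytes;
// an access covers `count` elements of `elem_size` bytes starting at `offset`.
constexpr uint64_t kPageSize = 65536;  // one WebAssembly page (64 KiB)

// Flawed check: count * elem_size is computed modulo 2^64, so a huge count
// can wrap to a small length and the comparison passes.
bool check_wrapping(uint64_t limit, uint64_t offset, uint64_t count,
                    uint64_t elem_size) {
  uint64_t length = count * elem_size;  // may wrap
  return offset + length <= limit;      // the sum may wrap too
}

// Hardened check: reject any operand combination whose product or sum
// cannot be represented, before comparing against the limit.
bool check_hardened(uint64_t limit, uint64_t offset, uint64_t count,
                    uint64_t elem_size) {
  constexpr uint64_t kMax = std::numeric_limits<uint64_t>::max();
  if (elem_size != 0 && count > kMax / elem_size) return false;  // product wraps
  uint64_t length = count * elem_size;
  if (offset > limit) return false;
  return length <= limit - offset;  // subtraction cannot wrap here
}

int main() {
  const uint64_t limit = 1 * kPageSize;           // constructed: one-page memory
  const uint64_t huge = (uint64_t{1} << 61) + 1;  // huge * 8 wraps to 8
  std::printf("in-bounds   : wrapping=%d hardened=%d\n",
              check_wrapping(limit, 65504, 4, 8),
              check_hardened(limit, 65504, 4, 8));
  std::printf("wrapped mul : wrapping=%d hardened=%d\n",
              check_wrapping(limit, 0, huge, 8),
              check_hardened(limit, 0, huge, 8));
  return 0;
}
```

A check that accepts the wrapped case lets the later memory access run far outside the buffer, which is how a wrap of this kind ends in a segmentation fault.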

Report

This vulnerability is rated Moderate for Red Hat products as it leads to a Denial of Service in WasmEdge. A remote attacker can trigger a segmentation fault by exploiting an incorrect memory access within the checkAccessBound() function. This affects WasmEdge in Community Projects (EPEL, Fedora) and OpenShift Container Platform, potentially causing the runtime to crash.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | |
Red Hat OpenShift Container Platform 4 | wasmedge | Fix deferred | |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2426308 (wasmedge: WasmEdge: Denial of Service via incorrect memory access)

EPSS

Percentile: 20%
0.00063
Low

CVSS3

5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
3 months ago

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.

CVSS3: 7.5
nvd
3 months ago

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.

CVSS3: 7.5
debian
3 months ago

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a ...
