PT-2025-11458 · Unknown+1 · Webassembly Wabt+1

Published: 2025-03-17 · Updated: 2026-01-06 · CVE-2025-2368

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WebAssembly wabt version 1.0.36

Description: A critical issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the component Malformed File Handler, leading to a heap-based buffer overflow. The attack may be initiated remotely. This issue is related to the file wabt/src/interp/binary-reader-interp.cc.

Recommendations: Apply a patch to fix this issue for WebAssembly wabt version 1.0.36. As a temporary workaround, consider restricting access to the OnExport function of the BinaryReaderInterp class until a patch is available.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-2368
PYSEC-2025-227

Affected Products

Debian
Webassembly Wabt