PT-2025-49777 · Wasmi · Wasmi
Published 2025-12-08 · Updated 2025-12-09 · CVE-2025-66627
CVSS v3.1: 8.4 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wasmi versions 0.41.0 through 0.41.1
Wasmi versions 0.42.0 through 0.47.1
Wasmi versions 0.50.0 through 0.51.2
Wasmi version 1.0.0
Description
Wasmi is a WebAssembly interpreter designed for constrained and embedded systems. The linear memory implementation in affected versions contains a Use After Free condition. This issue is triggered when a WebAssembly module operates under specific memory growth circumstances. Successful exploitation could result in memory corruption, information disclosure, or code execution.
Recommendations
Versions prior to 0.41.2 are affected.
Versions prior to 0.47.2 are affected.
Versions prior to 0.51.3 are affected.
Versions prior to 1.0.1 are affected.
Consider limiting the maximum linear memory sizes where feasible.
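To check a Rust project against the version ranges listed above, the following added example (written for this page, not code from the advisory or the Wasmi project) scans `Cargo.lock` text for affected `wasmi` entries. The function names and the sample lock contents are constructed for illustration.

```rust
// Added example: flag `wasmi` entries in Cargo.lock text that fall in the affected ranges.
type Ver = (u64, u64, u64);
// (first affected, last affected, bound listed under Recommendations), all taken from this page.
const AFFECTED: [(Ver, Ver, Ver); 4] = [
    ((0, 41, 0), (0, 41, 1), (0, 41, 2)),
    ((0, 42, 0), (0, 47, 1), (0, 47, 2)),
    ((0, 50, 0), (0, 51, 2), (0, 51, 3)),
    ((1, 0, 0), (1, 0, 0), (1, 0, 1)),
];

/// Parse "MAJOR.MINOR.PATCH"; a pre-release/build suffix is dropped (conservative assumption).
fn parse_version(s: &str) -> Option<Ver> {
    let core = s.split(|c| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let v = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(v) }
}

/// Returns the listed bound if `v` falls inside one of the affected ranges.
fn bound_for(v: Ver) -> Option<Ver> {
    AFFECTED.iter().find(|(lo, hi, _)| *lo <= v && v <= *hi).map(|r| r.2)
}

/// Returns (locked version, bound) for each affected `wasmi` package (name precedes version).
fn scan_lockfile(lock: &str) -> Vec<(String, Ver)> {
    let (mut hits, mut is_wasmi) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            is_wasmi = name.trim_matches('"') == "wasmi"; // exact match, so wasmi_core is skipped
        } else if let (true, Some(ver)) = (is_wasmi, line.strip_prefix("version = ")) {
            let ver = ver.trim_matches('"');
            if let Some(bound) = parse_version(ver).and_then(bound_for) {
                hits.push((ver.to_string(), bound));
            }
        }
    }
    hits
}

// Constructed sample lock file contents, not taken from a real project.
const SAMPLE_LOCK: &str = "\
[[package]]\nname = \"wasmi\"\nversion = \"0.47.1\"\n\
[[package]]\nname = \"wasmi_core\"\nversion = \"0.47.1\"\n\
[[package]]\nname = \"wasmi\"\nversion = \"0.51.3\"\n";
fn main() {
    for (ver, b) in scan_lockfile(SAMPLE_LOCK) {
        println!("wasmi {} is affected (listed bound: {}.{}.{})", ver, b.0, b.1, b.2);
    }
}
```

Pass the real contents of a project's `Cargo.lock` to `scan_lockfile` in place of `SAMPLE_LOCK`; an empty result means no locked `wasmi` version is in the listed ranges.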
Use After Free
Affected Products
Wasmi