VYPR
Unrated severityOSV Advisory· Published Dec 30, 2025· Updated Jan 2, 2026

WasmEdge integer wrap in MemoryInstance::getSpan()'s memory size check

CVE-2025-69261

Description

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound() to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wasmedge/WasmedgeOSV2 versions
    0.1.0, 0.10.0, 0.10.0-alpha.1, …+ 1 more
    • (no CPE)range: 0.1.0, 0.10.0, 0.10.0-alpha.1, …
    • (no CPE)range: <0.16.0-alpha.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.