VYPR

Vendor CVEs

Webassembly

All CVEs

46 total · sorted by risk
  • CVE-2018-16767HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.01

    In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOp…

  • CVE-2025-15412MedJan 1, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is…

  • CVE-2025-15411MedJan 1, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the…

  • CVE-2025-14956MedDec 19, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host.…

  • CVE-2025-6275LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the…

  • CVE-2025-6274LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit…

  • CVE-2025-6273LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The…

  • CVE-2026-8257LowMay 11, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached…

  • CVE-2025-14957LowDec 19, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads…

  • CVE-2025-3122Apr 2, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can…

  • CVE-2025-2584Mar 21, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer…

  • CVE-2025-2368Mar 17, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The…

  • CVE-2023-46331Oct 23, 2023
    risk 0.00cvss epss 0.00

    WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.

  • CVE-2023-46332Oct 23, 2023
    risk 0.00cvss epss 0.00

    WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.

  • CVE-2020-18378Aug 22, 2023
    risk 0.00cvss epss 0.01

    A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

  • CVE-2020-18382Aug 22, 2023
    risk 0.00cvss epss 0.01

    Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.

  • CVE-2023-31670May 23, 2023
    risk 0.00cvss epss 0.01

    An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.

  • CVE-2023-31669May 23, 2023
    risk 0.00cvss epss 0.00

    WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").

  • CVE-2023-27115Mar 10, 2023
    risk 0.00cvss epss 0.00

    WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

  • CVE-2023-27116Mar 10, 2023
    risk 0.00cvss epss 0.00

    WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.

  • CVE-2023-27117Mar 10, 2023
    risk 0.00cvss epss 0.00

    WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator.

  • CVE-2023-27119Mar 10, 2023
    risk 0.00cvss epss 0.00

    WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.

  • CVE-2022-43280Oct 28, 2022
    risk 0.00cvss epss 0.00

    wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.

  • CVE-2022-43282Oct 28, 2022
    risk 0.00cvss epss 0.00

    wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.

  • CVE-2022-43283Oct 28, 2022
    risk 0.00cvss epss 0.00

    wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.

  • CVE-2022-43281Oct 28, 2022
    risk 0.00cvss epss 0.00

    wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h.

  • CVE-2021-46055Jan 7, 2022
    risk 0.00cvss epss 0.01

    A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

  • CVE-2021-46054Jan 7, 2022
    risk 0.00cvss epss 0.01

    A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

  • CVE-2021-46053Jan 7, 2022
    risk 0.00cvss epss 0.01

    A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.

  • CVE-2021-46052Jan 7, 2022
    risk 0.00cvss epss 0.01

    A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.

  • CVE-2021-46050Jan 7, 2022
    risk 0.00cvss epss 0.01

    A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.

  • CVE-2021-46048Jan 7, 2022
    risk 0.00cvss epss 0.01

    A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.

  • CVE-2021-45293Dec 21, 2021
    risk 0.00cvss epss 0.01

    A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.

  • CVE-2021-45290Dec 21, 2021
    risk 0.00cvss epss 0.01

    A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.

  • CVE-2019-15758Aug 29, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.

  • CVE-2019-15759Aug 29, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.

  • CVE-2019-7703Feb 10, 2019
    risk 0.00cvss epss 0.01

    In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.

  • CVE-2019-7702Feb 10, 2019
    risk 0.00cvss epss 0.01

    A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

  • CVE-2019-7701Feb 10, 2019
    risk 0.00cvss epss 0.01

    A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.

  • CVE-2019-7700Feb 10, 2019
    risk 0.00cvss epss 0.01

    A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.

  • CVE-2019-7704Feb 10, 2019
    risk 0.00cvss epss 0.01

    wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.

  • CVE-2019-7662Feb 9, 2019
    risk 0.00cvss epss 0.02

    An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.

  • CVE-2019-7151Jan 29, 2019
    risk 0.00cvss epss 0.01

    A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.

  • CVE-2019-7152Jan 29, 2019
    risk 0.00cvss epss 0.01

    A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as…

  • CVE-2019-7154Jan 29, 2019
    risk 0.00cvss epss 0.01

    The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to…

  • CVE-2019-7153Jan 29, 2019
    risk 0.00cvss epss 0.01

    A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as…