← voltar
CVE-2025-15411

WebAssembly wabt wasm-decompile InsertNode memory corruption

CVSS 4.8 MEDIUMEPSS 0.2%CWE-119
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
WebAssembly · wabt

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/oneafter/1208/blob/main/af1https://github.com/WebAssembly/wabt/https://github.com/WebAssembly/wabt/issues/2679https://vuldb.com/?ctiid.339332https://vuldb.com/?id.339332https://vuldb.com/?submit.719825https://vuldb.com/?submit.736404