CVE-2025-6274

Summary

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

Affected Software

VendorProductVersion RangeStatus
WebAssemblywabt1.0.0affected
WebAssemblywabt1.0.1affected
WebAssemblywabt1.0.2affected
WebAssemblywabt1.0.3affected
WebAssemblywabt1.0.4affected
WebAssemblywabt1.0.5affected
WebAssemblywabt1.0.6affected
WebAssemblywabt1.0.7affected
WebAssemblywabt1.0.8affected
WebAssemblywabt1.0.9affected
WebAssemblywabt1.0.10affected
WebAssemblywabt1.0.11affected
WebAssemblywabt1.0.12affected
WebAssemblywabt1.0.13affected
WebAssemblywabt1.0.14affected
WebAssemblywabt1.0.15affected
WebAssemblywabt1.0.16affected
WebAssemblywabt1.0.17affected
WebAssemblywabt1.0.18affected
WebAssemblywabt1.0.19affected
WebAssemblywabt1.0.20affected
WebAssemblywabt1.0.21affected
WebAssemblywabt1.0.22affected
WebAssemblywabt1.0.23affected
WebAssemblywabt1.0.24affected
WebAssemblywabt1.0.25affected
WebAssemblywabt1.0.26affected
WebAssemblywabt1.0.27affected
WebAssemblywabt1.0.28affected
WebAssemblywabt1.0.29affected
WebAssemblywabt1.0.30affected
WebAssemblywabt1.0.31affected
WebAssemblywabt1.0.32affected
WebAssemblywabt1.0.33affected
WebAssemblywabt1.0.34affected
WebAssemblywabt1.0.35affected
WebAssemblywabt1.0.36affected
WebAssemblywabt1.0.37affected

Weaknesses

  • CWE-400: Resource Consumption
  • CWE-404: Denial of Service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References