PYSEC-2025-228

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/wabt-bin/PYSEC-2025-228.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2025-228

Aliases

CVE-2025-2584

Published

2025-03-21T08:15:11.273Z

Modified

2026-05-21T15:00:31.908827079Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

References

Affected packages

PyPI / wabt-bin

Package

Name: wabt-bin; View open source insights on deps.dev
Purl: pkg:pypi/wabt-bin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.0.36

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/wabt-bin/PYSEC-2025-228.yaml"