CVE-2024-25431

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabi_compatibility function.

References

Affected packages

Git / github.com/bytecodealliance/wasm-micro-runtime

Affected ranges

Type

GIT

Repo

https://github.com/bytecodealliance/wasm-micro-runtime

Events

Introduced

Fixed

2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.2"
        }
    ]
}

Affected versions

Other

01-12-2020

WAMR-01-18-2022

WAMR-01-29-2021

WAMR-02-18-2020

WAMR-02-27-2020

WAMR-03-05-2020

WAMR-03-19-2020

WAMR-03-25-2021

WAMR-03-30-2020

WAMR-04-15-2020

WAMR-04-15-2021

WAMR-05-18-2022

WAMR-06-15-2020

WAMR-07-10-2020

WAMR-08-10-2021

WAMR-09-08-2020

WAMR-09-29-2020

WAMR-12-30-2021

tag-11-28-2019

WAMR-1.*

WAMR-1.0.0

WAMR-1.1.0

WAMR-1.1.1

WAMR-1.1.2

WAMR-1.2.0

WAMR-1.2.1

WAMR-1.2.2

WAMR-1.2.3

WAMR-1.3.0

WAMR-1.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25431.json"

vanir_signatures_modified

"2026-04-12T08:03:55Z"

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 22161.0,
            "function_hash": "308315927773981970701906387713461745998"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-19e7bb33",
        "signature_type": "Function",
        "target": {
            "function": "jit_compile_func",
            "file": "core/iwasm/fast-jit/jit_frontend.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 12914.0,
            "function_hash": "245007478140718990670205887430587903080"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-3076f33a",
        "signature_type": "Function",
        "target": {
            "function": "wasm_loader_find_block_addr",
            "file": "core/iwasm/interpreter/wasm_loader.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "53513550805569191246674279969879609147",
                "165357311987357927861583108694050580478",
                "22482097818255548705428619037221091671",
                "290416680676439225166966373182467276705",
                "272173914833243899884482364715873009219",
                "113118127352463347756934767180624127999",
                "10275146382049674888833064500756329612",
                "290504262970370149892108135417240026867",
                "53796558056089980519777130193204055781",
                "113118127352463347756934767180624127999",
                "185363004196648890244794680125643929772",
                "317130809186909563184898381116102583182",
                "253684329043335375555735690195647963077",
                "83260937038933113807956045955337018257",
                "172721754525141588978481491884483638817",
                "51435571607015390562119312055792164650",
                "76798375443524136389684924657127012729",
                "292045418200349890834280484419933282995",
                "136885397619715068348593997951234195834",
                "215929868964121736937597479991550511871",
                "305102767582273794232345706739226607595"
            ]
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-3baafa38",
        "signature_type": "Line",
        "target": {
            "file": "core/iwasm/interpreter/wasm_mini_loader.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 42456.0,
            "function_hash": "106156297863865063013801467061769689114"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-3c57dda0",
        "signature_type": "Function",
        "target": {
            "function": "wasm_loader_prepare_bytecode",
            "file": "core/iwasm/interpreter/wasm_mini_loader.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 41642.0,
            "function_hash": "47004666749678022509072460659949333658"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-514f6167",
        "signature_type": "Function",
        "target": {
            "function": "aot_compile_func",
            "file": "core/iwasm/compilation/aot_compiler.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 56782.0,
            "function_hash": "152317691348336670136655130020663340"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-59d5b4be",
        "signature_type": "Function",
        "target": {
            "function": "wasm_interp_call_func_bytecode",
            "file": "core/iwasm/interpreter/wasm_interp_classic.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "66707510982825538093785276339359496716",
                "228899657453185921058723371570298471574",
                "163628274412346932069816856944781106475",
                "149094945803520775491335008729345531320",
                "180818544860097971999484008712916337646",
                "1733434533670357057555624608459281291",
                "135558797007379101630927139887722803253",
                "161019281396869671563780597450738215449",
                "239157384232325263752919238913582311932",
                "280352577531237415839349898879511493287",
                "60117766176781126704681608098570106160",
                "138597073562227449290866815370686143149",
                "49816299575742615726193734349971476865",
                "275982784941769642048365952773061582799",
                "250465681864708056873892515072879612675",
                "196054753371705725002182905538794466369",
                "218031195387370531287009444323127699934",
                "4942710455027570734640799719142611085",
                "311965891895230819247170753743528585602"
            ]
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-5be847ce",
        "signature_type": "Line",
        "target": {
            "file": "core/iwasm/compilation/aot_compiler.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "192094946586752079338724872778210235210",
                "178442979023958751785718398434632242553",
                "24702415135227044912708584486495110947",
                "94353988128232384012848890189690442248",
                "43083207460244110902756370707468549253"
            ]
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-69128405",
        "signature_type": "Line",
        "target": {
            "file": "wamr-compiler/main.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "63604608778687069993877232120926900223",
                "285004674080819006612587056808096843762",
                "70814656170229483934823579058166453686",
                "207092496260657437576661164819374224522",
                "319227425975134145705831799051978941943",
                "237123559047794638841256023882716851392",
                "62299810987204757733815889017307198222",
                "259802413054815828989152440979076517112",
                "213818948337236915079709890238868520860"
            ]
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-6921ae51",
        "signature_type": "Line",
        "target": {
            "file": "core/iwasm/interpreter/wasm_interp_classic.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 9821.0,
            "function_hash": "156874282506301955190077686857681008764"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-c3bf6ba0",
        "signature_type": "Function",
        "target": {
            "function": "wasm_loader_find_block_addr",
            "file": "core/iwasm/interpreter/wasm_mini_loader.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 10119.0,
            "function_hash": "137115340628122659472114883931749117074"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-c6a6cc1f",
        "signature_type": "Function",
        "target": {
            "function": "main",
            "file": "wamr-compiler/main.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 62451.0,
            "function_hash": "218302588541753610064394272089176777571"
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-da10189a",
        "signature_type": "Function",
        "target": {
            "function": "wasm_loader_prepare_bytecode",
            "file": "core/iwasm/interpreter/wasm_loader.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "66707510982825538093785276339359496716",
                "106337629983674836086318985871856010908",
                "262047722507913646331890676122111836921",
                "120687547315704711985354691232062606095",
                "180818544860097971999484008712916337646",
                "1733434533670357057555624608459281291",
                "135558797007379101630927139887722803253",
                "161019281396869671563780597450738215449",
                "239157384232325263752919238913582311932",
                "280352577531237415839349898879511493287",
                "60117766176781126704681608098570106160"
            ]
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-f94bb402",
        "signature_type": "Line",
        "target": {
            "file": "core/iwasm/fast-jit/jit_frontend.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "210310050728587042736131595012909590016",
                "44097164153438529937445366698688198359",
                "149712868834339126682413335132562983135",
                "32860662549979036406473874284895851502",
                "113118127352463347756934767180624127999",
                "10275146382049674888833064500756329612",
                "290504262970370149892108135417240026867",
                "53796558056089980519777130193204055781",
                "284774658411343234717106921779700488512",
                "232503573518234016383262053530238309214",
                "154568000160133822852592326328134862574",
                "283099690888634312751642401683309174946",
                "322578067252692357238765751742142552378",
                "54328036409048427086108156832098222123",
                "232503573518234016383262053530238309214",
                "151181220774788549971952983004655012687",
                "228408980614789137243076134381214017726",
                "323428178922324415490439755536720744842"
            ]
        },
        "source": "https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1",
        "id": "CVE-2024-25431-fe32b6f2",
        "signature_type": "Line",
        "target": {
            "file": "core/iwasm/interpreter/wasm_loader.c"
        }
    }
]