CVE-2025-15412

A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

References

Affected packages

Git / github.com/webassembly/wabt

Affected ranges

Type

GIT

Repo

https://github.com/webassembly/wabt

Events

Introduced

Last affected

ad75c5edcdff96d73c245b57fbc07607aaca9f95

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.39"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.2

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.26

1.0.27

1.0.28

1.0.29

1.0.3

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

1.0.39

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

Other

binary_0xa

binary_0xb

binary_0xc

binary_0xd

gh-actions-test

gh-actions-test2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15412.json"