CVE-2025-69261

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-69261

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69261.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-69261

Aliases

GHSA-89fm-8mr7-gg4m

Downstream

DEBIAN-CVE-2025-69261

UBUNTU-CVE-2025-69261

Published

2025-12-30T19:43:59.746Z

Modified

2026-01-02T21:57:53.869905Z

Severity

5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

WasmEdge integer wrap in MemoryInstance::getSpan()'s memory size check

Details

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound() to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.

Database specific

{
    "cwe_ids": [
        "CWE-190"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/69xxx/CVE-2025-69261.json"
}

References

Affected packages

Git / github.com/wasmedge/wasmedge

Affected ranges

Type: GIT
Repo: https://github.com/wasmedge/wasmedge
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7d654456d9459a221590427ca6170ac2e8a7de8f

Affected versions

0.*

0.1.0

0.10.0

0.10.0-alpha.1

0.10.0-alpha.2

0.10.0-rc.1

0.10.1

0.10.1-alpha.1

0.10.1-alpha.2

0.10.1-alpha.3

0.10.1-rc.1

0.11.0

0.11.0-alpha.1

0.11.0-rc.1

0.11.1

0.11.1-alpha.1

0.11.1-rc.1

0.11.2

0.11.2-alpha.1

0.11.2-rc.1

0.11.2-rc.2

0.11.2-rc.3

0.12.0

0.12.0-alpha.1

0.12.0-alpha.2

0.12.1

0.13.0

0.13.0-alpha.1

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.14.0

0.14.0-alpha.1

0.14.0-alpha.2

0.14.0-alpha.3

0.14.0-alpha.4

0.14.0-rc.1

0.14.0-rc.2

0.14.0-rc.3

0.14.0-rc.4

0.14.0-rc.5

0.14.1

0.14.1-beta.1

0.14.1-beta.2

0.14.1-rc.1

0.14.1-rc.2

0.14.1-rc.3

0.14.1-rc.4

0.14.1-rc.5

0.15.0

0.15.0-alpha.1

0.15.0-alpha.2

0.15.0-alpha.3

0.15.0-alpha.4

0.15.0-rc.1

0.16.0-alpha.1

0.16.0-alpha.2

0.2.0

0.3.0

0.3.1

0.4.0

0.5.0

0.5.1

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.9

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1

0.8.2

0.8.2-rc.1

0.8.2-rc.2

0.8.2-rc.3

0.8.2-rc.4

0.8.2-rc.5

0.9.0

0.9.0-rc.1

0.9.0-rc.2

0.9.0-rc.3

0.9.0-rc.4

0.9.0-rc.5

0.9.1

0.9.1-alpha.1

0.9.1-beta.1

0.9.1-beta.2

0.9.1-rc.1

rust-macro/0.*

rust-macro/0.1.0

rust-macro/0.2.0

rust-macro/0.2.1

rust-macro/0.3.0

rust-sdk/0.*

rust-sdk/0.1.0

rust-sdk/0.2.0

rust-sdk/0.3.0

rust-sdk/0.4.0

rust-sdk/0.5.0

rust-sdk/0.6.0

rust-sdk/0.7.0

rust-sdk/0.8.0

rust-sdk/0.8.1

rust-types/0.*

rust-types/0.1.0

rust-types/0.1.1

rust-types/0.1.2

rust-types/0.1.3

rust-types/0.2.0

rust-types/0.2.1

rust-types/0.3.0

rust-types/0.3.1

rust-types/0.4.1

rust/0.*

rust/0.10.0

rust/0.11.0

rust/0.12.0

rust/0.13.1

rust/0.2.1

rust/0.2.2

rust/0.3.0

rust/0.5.0

rust/0.7.0

rust/0.8.0

rust/0.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69261.json"