CVE-2025-6272
BaseFortify
Publication date: 2025-06-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wasm3_project | wasm3 | 0.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6272 is an out-of-bounds write vulnerability in wasm3 version 0.5.0, specifically in the function MarkSlotAllocated within the source file m3_compile.c. This flaw is caused by an array index error that leads to writing outside the allocated memory buffer, resulting in a segmentation fault (SEGV). It occurs during the compilation process of WebAssembly modules and can be triggered by specially crafted input. The vulnerability causes a memory safety issue that can crash the interpreter or potentially allow further exploitation. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by causing a denial of service (DoS) condition due to a segmentation fault triggered by out-of-bounds memory writes. An attacker with local access can exploit this flaw by providing crafted input to crash the wasm3 interpreter. The issue affects the availability of the affected system. There is also a potential risk of arbitrary code execution, although the primary impact is crashing the application. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the crash using fuzzing tests with AddressSanitizer enabled. Specifically, compiling wasm3 with AddressSanitizer and fuzzing engine flags, then running the fuzzer executable with specially crafted input files can trigger the segmentation fault caused by the out-of-bounds write in the MarkSlotAllocated function. There are no specific network detection commands since the exploit requires local access. Detection involves running the fuzzing harness (e.g., LLVMFuzzerTestOneInput) against wasm3 0.5.0 binaries to observe crashes or memory violations. [3]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been identified for this vulnerability. It is suggested to consider using alternative products or versions of wasm3 that are not affected by this issue. Since the exploit requires local access, restricting local access to vulnerable systems and monitoring for suspicious activity may help reduce risk until a fix is available. [2]