Bytecodealliance Webassembly Micro Runtime
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Bytecodealliance Webassembly Micro Runtime.
By the Year
In 2026 there have been 0 vulnerabilities in Bytecodealliance Webassembly Micro Runtime. Webassembly Micro Runtime did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 3 | 7.80 |
| 2023 | 2 | 6.50 |
It may take a day or so for new Webassembly Micro Runtime vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Bytecodealliance Webassembly Micro Runtime Security Vulnerabilities
Wasm-Micro-Runtime Privilege Escalation via ABI Check - November 2024
CVE-2024-25431
7.8 - High
- November 08, 2024
An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.
Out-of-bounds Read
wasm-micro-runtime 2.0.0 OOB Read via block_type_get_arity
CVE-2024-34251
- May 06, 2024
An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h.
Heap Buffer Overflow in wasm-micro-runtime 2.0.0 (wasm_loader_check_br) DoS
CVE-2024-34250
- May 06, 2024
A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c.
WAMR double free via push_pop_frame_ref_offset before 1.3.0
CVE-2023-52284
5.5 - Medium
- December 31, 2023
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
Double-free
Bytecode Alliance wasm-micro-runtime 1.2.3 Heap Overflow in wasm_loader_prepare
CVE-2023-48105
7.5 - High
- November 22, 2023
An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Bytecodealliance Webassembly Micro Runtime or by Bytecodealliance? Click the Watch button to subscribe.
