Permalink
CVE-2025-15572
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
2 packages
- tests.buildRustCrate.tests.crateLibOutputsWasm32
- tests.buildRustCrate.tests.crateWasm32BinHyphens
wasm3 NewCodePage memory leak
A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.
References
- VDB-344934 | wasm3 NewCodePage memory leak vdb-entry technical-description
- VDB-344934 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #752765 | wasm3 main branch Resource Consumption third-party-advisory
- https://github.com/wasm3/wasm3/issues/550 issue-tracking
- https://github.com/oneafter/cve-proofs/blob/main/POC-20251203-07/repro exploit
- https://github.com/wasm3/wasm3/ product
Affected products
wasm3
- ==0.2
- ==0.1
- ==0.5.0
- ==0.3
- ==0.4
Package maintainers
-
@malbarbo Marco A L Barbosa <malbarbo@gmail.com>