Bug 2373935 (CVE-2025-6275)

Summary: CVE-2025-6275 wabt: WebAssembly wabt use after free
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: gotiwari, jhorak, mvyas, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A use-after-free vulnerability has been discovered in WebAssembly's WebAssembly Binary Toolkit (wabt), specifically within the GetFuncOffset function. This flaw can be triggered by an attacker with local system access through the manipulation of input provided to this function. Successful exploitation of a use-after-free vulnerability can lead to memory corruption, allowing for arbitrary code execution or a denial of service condition.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2374059, 2374064    
Bug Blocks:    

Description OSIDB Bzimport 2025-06-19 20:01:13 UTC 
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
Comment 2 Dominik 'Rathann' Mierzejewski 2025-06-25 11:09:54 UTC 
Upstream report: https://github.com/WebAssembly/wabt/issues/2614 .