2426683 – (CVE-2025-15411) CVE-2025-15411 wabt: WebAssembly wabt: Memory corruption vulnerability in wasm-decompile component

Bug 2426683 (CVE-2025-15411) - CVE-2025-15411 wabt: WebAssembly wabt: Memory corruption vulnerability in wasm-decompile component

Summary: CVE-2025-15411 wabt: WebAssembly wabt: Memory corruption vulnerability in was...

Keywords:
Status:	NEW
Alias:	CVE-2025-15411
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2429838 2429839
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-01 20:01 UTC by OSIDB Bzimport
Modified:	2026-01-14 23:39 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-01 20:01:17 UTC

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

Note You need to log in before you can comment on or make changes to this bug.