Source: wasmedge Version: 0.14.1+dfsg-4 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 0.14.1+dfsg-3.2 Control: found -1 0.14.1+dfsg-3.1
Hi, The following vulnerability was published for wasmedge. CVE-2025-69261[0]: | WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, | a multiplication in `WasmEdge/include/runtime/instance/memory.h` can | wrap, causing `checkAccessBound()` to incorrectly allow the access. | This leads to a segmentation fault. Version 0.16.0-alpha.3 contains | a patch for the issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-69261 https://www.cve.org/CVERecord?id=CVE-2025-69261 [1] https://github.com/WasmEdge/WasmEdge/security/advisories/GHSA-89fm-8mr7-gg4m [2] https://github.com/WasmEdge/WasmEdge/commit/37cc9fa19bd23edbbdaa9252059b17f191fa4d17 Regards, Salvatore
