CVE-2025-6272 | THREATINT

Description

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

In wasm3 0.5.0 wurde eine problematische Schwachstelle gefunden. Das betrifft die Funktion MarkSlotAllocated der Datei source/m3_compile.c. Durch das Manipulieren mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-06-19 | Published 2025-06-19 | Updated 2025-06-19 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

Out-of-bounds Write

Memory Corruption

Timeline

2025-06-19:	Advisory disclosed
2025-06-19:	VulDB entry created
2025-06-19:	VulDB entry last update

Credits

JJLeo (VulDB User) reporter

References

vuldb.com/?id.313276 (VDB-313276 | wasm3 m3_compile.c MarkSlotAllocated out-of-bounds write) vdb-entry technical-description

vuldb.com/?ctiid.313276 (VDB-313276 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.593008 (Submit #593008 | wasm3 wasm3 v0.5.0 (commit 79d412e) Out-of-bounds Write) third-party-advisory

github.com/wasm3/wasm3/issues/531 issue-tracking

github.com/user-attachments/files/19516600/wasm3_crash.txt exploit

cve.org (CVE-2025-6272)

nvd.nist.gov (CVE-2025-6272)

Download JSON