CVE-2025-64704

CVE-2025-64704

Name

CVE-2025-64704

Description

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4
CONFIRM	https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr

Type

URI

MISC

https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4

CONFIRM

https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr

Match rules

CPE URI	Source package	Min version	Max version
	wasm-micro-runtime	>= 0	< 2.4.4
`cpe:2.3:a:bytecodealliance:webassembly_micro_runtime::::::::`	webassembly_micro_runtime	>= None	< 2.4.4

CPE URI

Source package

Min version

Max version

wasm-micro-runtime

>= 0

< 2.4.4

cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:*

webassembly_micro_runtime

>= None

< 2.4.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
wasm-micro-runtime	edge-community	2.3.0-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
wasm-micro-runtime	edge-community	2.3.0-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
wasm-micro-runtime	3.22-community	2.3.0-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

wasm-micro-runtime

edge-community

2.3.0-r1

Jakub Jirutka <jakub@jirutka.cz>

possibly vulnerable

wasm-micro-runtime

edge-community