{"id":"CVE-2025-2368","details":"A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.","modified":"2026-03-20T12:41:24.815725Z","published":"2025-03-17T08:15:11.493Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?submit.515327"},{"type":"ADVISORY","url":"https://vuldb.com/?id.299867"},{"type":"REPORT","url":"https://github.com/WebAssembly/wabt/issues/2537"},{"type":"REPORT","url":"https://github.com/WebAssembly/wabt/issues/2556"},{"type":"REPORT","url":"https://github.com/WebAssembly/wabt/issues/2556#issue-2899598349"},{"type":"REPORT","url":"https://github.com/WebAssembly/wabt/pull/2541"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.299867"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webassembly/wabt","events":[{"introduced":"0"},{"last_affected":"3e826ecde1adfba5f88d10d361131405637e65a3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.36"}]}}],"versions":["1.0.0","1.0.1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17","1.0.18","1.0.19","1.0.2","1.0.20","1.0.21","1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29","1.0.3","1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","binary_0xa","binary_0xb","binary_0xc","binary_0xd","gh-actions-test","gh-actions-test2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2368.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}