View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-69261 not yet assigned priority: Debian including 1 source packages (wasmedge), 3 status rows across 3 suites (forky, sid, trixie): resolved 2, open 1.
WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.