{"id":"CVE-2024-25431","details":"An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function.","modified":"2026-04-12T08:03:55.331349Z","published":"2024-11-08T17:15:06.023Z","references":[{"type":"ADVISORY","url":"https://gist.github.com/haruki3hhh/bd228e6dcaf8c18140e1074964912b39"},{"type":"FIX","url":"https://github.com/bytecodealliance/wasm-micro-runtime/issues/3122"},{"type":"FIX","url":"https://github.com/bytecodealliance/wasm-micro-runtime/pull/3126"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bytecodealliance/wasm-micro-runtime","events":[{"introduced":"0"},{"fixed":"2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.3.2"}]}}],"versions":["01-12-2020","WAMR-01-18-2022","WAMR-01-29-2021","WAMR-02-18-2020","WAMR-02-27-2020","WAMR-03-05-2020","WAMR-03-19-2020","WAMR-03-25-2021","WAMR-03-30-2020","WAMR-04-15-2020","WAMR-04-15-2021","WAMR-05-18-2022","WAMR-06-15-2020","WAMR-07-10-2020","WAMR-08-10-2021","WAMR-09-08-2020","WAMR-09-29-2020","WAMR-1.0.0","WAMR-1.1.0","WAMR-1.1.1","WAMR-1.1.2","WAMR-1.2.0","WAMR-1.2.1","WAMR-1.2.2","WAMR-1.2.3","WAMR-1.3.0","WAMR-1.3.1","WAMR-12-30-2021","tag-11-28-2019"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"core/iwasm/fast-jit/jit_frontend.c","function":"jit_compile_func"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":22161,"function_hash":"308315927773981970701906387713461745998"},"id":"CVE-2024-25431-19e7bb33"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_loader.c","function":"wasm_loader_find_block_addr"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":12914,"function_hash":"245007478140718990670205887430587903080"},"id":"CVE-2024-25431-3076f33a"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_mini_loader.c"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"threshold":0.9,"line_hashes":["53513550805569191246674279969879609147","165357311987357927861583108694050580478","22482097818255548705428619037221091671","290416680676439225166966373182467276705","272173914833243899884482364715873009219","113118127352463347756934767180624127999","10275146382049674888833064500756329612","290504262970370149892108135417240026867","53796558056089980519777130193204055781","113118127352463347756934767180624127999","185363004196648890244794680125643929772","317130809186909563184898381116102583182","253684329043335375555735690195647963077","83260937038933113807956045955337018257","172721754525141588978481491884483638817","51435571607015390562119312055792164650","76798375443524136389684924657127012729","292045418200349890834280484419933282995","136885397619715068348593997951234195834","215929868964121736937597479991550511871","305102767582273794232345706739226607595"]},"id":"CVE-2024-25431-3baafa38"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_mini_loader.c","function":"wasm_loader_prepare_bytecode"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":42456,"function_hash":"106156297863865063013801467061769689114"},"id":"CVE-2024-25431-3c57dda0"},{"deprecated":false,"target":{"file":"core/iwasm/compilation/aot_compiler.c","function":"aot_compile_func"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":41642,"function_hash":"47004666749678022509072460659949333658"},"id":"CVE-2024-25431-514f6167"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_interp_classic.c","function":"wasm_interp_call_func_bytecode"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":56782,"function_hash":"152317691348336670136655130020663340"},"id":"CVE-2024-25431-59d5b4be"},{"deprecated":false,"target":{"file":"core/iwasm/compilation/aot_compiler.c"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"threshold":0.9,"line_hashes":["66707510982825538093785276339359496716","228899657453185921058723371570298471574","163628274412346932069816856944781106475","149094945803520775491335008729345531320","180818544860097971999484008712916337646","1733434533670357057555624608459281291","135558797007379101630927139887722803253","161019281396869671563780597450738215449","239157384232325263752919238913582311932","280352577531237415839349898879511493287","60117766176781126704681608098570106160","138597073562227449290866815370686143149","49816299575742615726193734349971476865","275982784941769642048365952773061582799","250465681864708056873892515072879612675","196054753371705725002182905538794466369","218031195387370531287009444323127699934","4942710455027570734640799719142611085","311965891895230819247170753743528585602"]},"id":"CVE-2024-25431-5be847ce"},{"deprecated":false,"target":{"file":"wamr-compiler/main.c"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"threshold":0.9,"line_hashes":["192094946586752079338724872778210235210","178442979023958751785718398434632242553","24702415135227044912708584486495110947","94353988128232384012848890189690442248","43083207460244110902756370707468549253"]},"id":"CVE-2024-25431-69128405"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_interp_classic.c"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"threshold":0.9,"line_hashes":["63604608778687069993877232120926900223","285004674080819006612587056808096843762","70814656170229483934823579058166453686","207092496260657437576661164819374224522","319227425975134145705831799051978941943","237123559047794638841256023882716851392","62299810987204757733815889017307198222","259802413054815828989152440979076517112","213818948337236915079709890238868520860"]},"id":"CVE-2024-25431-6921ae51"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_mini_loader.c","function":"wasm_loader_find_block_addr"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":9821,"function_hash":"156874282506301955190077686857681008764"},"id":"CVE-2024-25431-c3bf6ba0"},{"deprecated":false,"target":{"file":"wamr-compiler/main.c","function":"main"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":10119,"function_hash":"137115340628122659472114883931749117074"},"id":"CVE-2024-25431-c6a6cc1f"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_loader.c","function":"wasm_loader_prepare_bytecode"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"length":62451,"function_hash":"218302588541753610064394272089176777571"},"id":"CVE-2024-25431-da10189a"},{"deprecated":false,"target":{"file":"core/iwasm/fast-jit/jit_frontend.c"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"threshold":0.9,"line_hashes":["66707510982825538093785276339359496716","106337629983674836086318985871856010908","262047722507913646331890676122111836921","120687547315704711985354691232062606095","180818544860097971999484008712916337646","1733434533670357057555624608459281291","135558797007379101630927139887722803253","161019281396869671563780597450738215449","239157384232325263752919238913582311932","280352577531237415839349898879511493287","60117766176781126704681608098570106160"]},"id":"CVE-2024-25431-f94bb402"},{"deprecated":false,"target":{"file":"core/iwasm/interpreter/wasm_loader.c"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/bytecodealliance/wasm-micro-runtime/commit/2eb60060d8eb6556ebbe411b22ee7b15ba4f7ec1","digest":{"threshold":0.9,"line_hashes":["210310050728587042736131595012909590016","44097164153438529937445366698688198359","149712868834339126682413335132562983135","32860662549979036406473874284895851502","113118127352463347756934767180624127999","10275146382049674888833064500756329612","290504262970370149892108135417240026867","53796558056089980519777130193204055781","284774658411343234717106921779700488512","232503573518234016383262053530238309214","154568000160133822852592326328134862574","283099690888634312751642401683309174946","322578067252692357238765751742142552378","54328036409048427086108156832098222123","232503573518234016383262053530238309214","151181220774788549971952983004655012687","228408980614789137243076134381214017726","323428178922324415490439755536720744842"]},"id":"CVE-2024-25431-fe32b6f2"}],"vanir_signatures_modified":"2026-04-12T08:03:55Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25431.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}