WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to accept all IP addresses. This can unintentionally expose the service to all incoming connections and bypass intended access restrictions. Services relying on --addr-pool for restricting access by IP may unintentionally become open to all external connections. This may lead to unauthorized access in production deployments, especially when users assume that specifying an IP without a subnet mask implies a default secure configuration. This is fixed in version 2.4.1.

N/A

将资源暴露给错误范围

WebAssembly Micro Runtime 安全漏洞

WebAssembly Micro Runtime（WAMR）是Bytecode Alliance开源的一种轻量级的独立 WebAssembly 运行时。具有占用空间小、高性能和高度可配置的功能，适用于从嵌入式、物联网、边缘到可信执行环境 (TEE)、智能合约、云原生等应用程序。 WebAssembly Micro Runtime 2.4.0及之前版本存在安全漏洞，该漏洞源于--addr-pool参数使用不当，可能导致绕过访问限制。

N/A

N/A