Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-31146
HistoryJul 21, 2022 - 4:15 a.m.

CVE-2022-31146

2022-07-2104:15:11
CWE-416
[email protected]
web.nvd.nist.gov
44
3
wasmtime
cranelift
webassembly
cve-2022-31146
vulnerability
use-after-free
bug
runtime
garbage collection
mitigation

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.6%

JSON

Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime’s code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will mistakenly think these functions do not have live references to GC’d values, reclaiming them and deallocating them. The function will then subsequently continue to use the values assuming they had not been GC’d, leading later to a use-after-free. This bug was introduced in the migration to the regalloc2 register allocator that occurred in the Wasmtime 0.37.0 release on 2022-05-20. This bug has been patched and users should upgrade to Wasmtime version 0.38.2. Mitigations for this issue can be achieved by disabling the reference types proposal by passing false to wasmtime::Config::wasm_reference_types or downgrading to Wasmtime 0.36.0 or prior.

Affected configurations

Vulners
NVD
Node
bytecodealliancewasmtimeRange0.37.00.38.2
OR
bytecodealliancewasmtimeRange0.84.00.85.2
VendorProductVersionCPE
bytecodealliancewasmtime*cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:*:*:*
bytecodealliancewasmtime*cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "wasmtime",
    "vendor": "bytecodealliance",
    "versions": [
      {
        "status": "affected",
        "version": ">= 0.37.0, < 0.38.2"
      },
      {
        "status": "affected",
        "version": ">= 0.84.0, < 0.85.2"
      }
    ]
  }
]

Social References

More

Related

osv 2
github 1
ubuntucve 1
prion 1
nvd 1
cvelist 1
osv
osv
Wasmtime vulnerable to Use After Free with `externref`s
2022-07-20 22:47:13
CVE-2022-31146
2022-07-21 04:15:11
github
github
Wasmtime vulnerable to Use After Free with `externref`s
2022-07-20 22:47:13
ubuntucve
ubuntucve
CVE-2022-31146
2022-07-21 00:00:00
prion
prion
Code injection
2022-07-21 04:15:00
nvd
nvd
CVE-2022-31146
2022-07-21 04:15:11
cvelist
cvelist
CVE-2022-31146 Use After Free in Wasmtime
2022-07-20 22:30:16

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.6%

JSON
Related for CVE-2022-31146
osv2github1ubuntucve1prion1nvd1cvelist1