CVE-2024-30266
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bytecodealliance | wasmtime | 19.0.0 | cpe:2.3:a:bytecodealliance:wasmtime:19.0.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "bytecodealliance",
"product": "wasmtime",
"versions": [
{
"version": "= 19.0.0",
"status": "affected"
}
]
}
]References
github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664
github.com/bytecodealliance/wasmtime/issues/8281
github.com/bytecodealliance/wasmtime/pull/8018
github.com/bytecodealliance/wasmtime/pull/8283
github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5
Social References
More
Related
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%