wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64

🗓️ 09 Mar 2023 00:10:53Reported by GitHub Advisory DatabaseType

github

github🔗 github.com👁 31 Views

Wasmtime x86_64 out-of-bounds read/write vulnerabilit

Reporter	Title	Published	Views	Family All 23
Chainguard	CVE-2023-26489 vulnerabilities	8 Mar 202320:15	–	cgr
Circl	CVE-2023-26489	9 Mar 202308:43	–	circl
CNNVD	Wasmtime 缓冲区错误漏洞	8 Mar 202300:00	–	cnnvd
CVE	CVE-2023-26489	8 Mar 202319:59	–	cve
Cvelist	CVE-2023-26489 Guest-controlled out-of-bounds read/write on x86_64 in wasmtime	8 Mar 202319:59	–	cvelist
Debian CVE	CVE-2023-26489	8 Mar 202319:59	–	debiancve
EUVD	EUVD-2023-0998	3 Oct 202520:07	–	euvd
NVD	CVE-2023-26489	8 Mar 202320:15	–	nvd
OSV	CGA-M5C2-CQ7F-2WFV	6 Jun 202412:28	–	osv
OSV	CGA-P2J8-WV3V-795F	29 Jan 202600:50	–	osv

Vulners

Node

bytecodealliance cranelift-codegenRange0.93.0–0.93.1rust

OR

bytecodealliance cranelift-codegenRange0.92.0–0.92.1rust

OR

bytecodealliance cranelift-codegenRange0.84.0–0.91.1rust

OR

bytecodealliance wasmtimeRange6.0.0–6.0.1rust

OR

bytecodealliance wasmtimeRange5.0.0–5.0.1rust

OR

bytecodealliance wasmtimeRange0.37.0–4.0.1rust

Source	Link
github	www.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-26489
github	www.github.com/bytecodealliance/wasmtime/commit/63fb30e4b4415455d47b3da5a19d79c12f4f2d1f
docs	www.docs.rs/wasmtime/latest/wasmtime/struct.Config.html
docs	www.docs.rs/wasmtime/latest/wasmtime/struct.Config.html
groups	www.groups.google.com/a/bytecodealliance.org/g/sec-announce/c/Mov-ItrNJsQ
rustsec	www.rustsec.org/advisories/RUSTSEC-2023-0090.html
github	www.github.com/advisories/GHSA-ff4p-7xrq-q5r8

02 May 2025 12:52Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19.9

EPSS0.02647

SSVC

CWE-125 CWE-787

wasmtime cranelift x86_64 memory access vulnerability patch mitigation