Lucene search

GoogleOSV:RUSTSEC-2022-0075

HistoryNov 10, 2022 - 12:00 p.m.

Bug in pooling instance allocator

2022-11-1012:00:00

Google

osv.dev

bug

wasmtime

allocator

linear memory

heap snapshot

mitigations

software

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

48.7%

JSON

bug in Wasmtime’s implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance.

Mitigations are described here.

References

crates.io/crates/wasmtime

github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0

github.com/bytecodealliance/wasmtime/commit/3535acbf3be032ef1ba0b469b8ab92538a8a18a6

github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf

rustsec.org/advisories/RUSTSEC-2022-0075.html

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

48.7%

JSON

Related for OSV:RUSTSEC-2022-0075