5 matches found
CVE-2026-27572
creationtimestamp| type| source ---|---|--- 2026-02-25 01:07:57+00:00| seen| https://gist.github.com/alon710/bd9bec3189f368306143b31543aba768 2026-02-25 18:16:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpc366gkj2d...
CVE-2026-27572
A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows an attacker to cause a Denial of Service DoS by sending an excessive number of HTTP header fields. The Wasmtime implementation of the wasi:http/types.fields resource does not gracefully handle this condition, leadi...
CVE-2026-27572 Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27572 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27572 Source advisory: OSV:GHSA-243V-98VX-264H...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27572 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27572 Source advisory: OSV:RUSTSEC-2026-0021...