10 matches found
SUSE CVE-2024-51745
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...
CVE-2024-51745
A flaw was found in the Wasmtime package. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on. However, it did not block access to the special device filenames that use superscript digits, such as...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:GHSA-C2F5-JXJV-2HH8...
CVE-2024-51745 vulnerabilities
Vulnerabilities for packages: wasmtime, zed, wash, wasmcloud, wizer...
CVE-2024-51745 vulnerabilities
Vulnerabilities for packages: wizer, zed, wash, wasmtime, wasmcloud...
CVE-2024-51745
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...
CVE-2024-51745
creationtimestamp| type| source ---|---|--- 2024-11-05 21:19:10+00:00| seen| https://infosec.exchange/users/cve/statuses/113432431807385293 2024-11-05 23:56:26+00:00| seen| https://t.me/cvedetector/9954...
CVE-2024-51745
Wasmtime on Windows had a sandbox bypass where filenames with superscript digits (e.g., COM¹, LPT⁰) were not blocked, allowing untrusted Wasm code with filesystem access to reach devices and peripherals via special device filenames. Affected software: Wasmtime’s Windows filesystem sandbox. Root c...
CVE-2024-51745 Wasmtime doesn't fully sandbox all the Windows device filenames
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:RUSTSEC-2024-0438...