Lucene search
K

44 matches found

Debian CVE
Debian CVE
added 2022/02/16 10:0 p.m.8 views

CVE-2022-23636

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

8.1CVSS7.9AI score0.0076EPSS
Exploits1
OSV
OSV
added 2022/02/16 10:0 p.m.35 views

CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

5.1CVSS7.5AI score0.0076EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/16 12:0 a.m.4 views

Wasmtime 缓冲区错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from a bug in Wasmtime's pooled instance allocator, where failure to instantiate an instance for a module that defines an...

8.1CVSS7.9AI score0.0076EPSS
Exploits1References4
OSV
OSV
added 2021/09/20 7:54 p.m.23 views

GHSA-4873-36H9-WV49 Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime

Impact There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses externrefs, the host creates non-null externrefs, Wasmtime performs a garbage collection GC, and there has to ...

6.3CVSS6.5AI score0.00297EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2021/09/20 7:54 p.m.32 views

Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime

Impact There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses externrefs, the host creates non-null externrefs, Wasmtime performs a garbage collection GC, and there has to ...

6.3CVSS6.5AI score0.00291EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2021/09/20 7:54 p.m.36 views

GHSA-V4CP-H94R-M7XF Use after free passing `externref`s to Wasm in Wasmtime

Impact There was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a Wasm instance at the same time, either by passing multiple externrefs as arguments from host code to a Wasm...

6.3CVSS6.4AI score0.00297EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2021/09/20 7:54 p.m.28 views

Use after free passing `externref`s to Wasm in Wasmtime

Impact There was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a Wasm instance at the same time, either by passing multiple externrefs as arguments from host code to a Wasm...

6.3CVSS6.4AI score0.00297EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2021/09/17 9:15 p.m.15 views

CVE-2021-39218

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS0.00291EPSS
Exploits0References5
PyPA
PyPA
added 2021/09/17 9:15 p.m.7 views

PYSEC-2021-321

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS7.2AI score0.00291EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/09/17 9:15 p.m.16 views

Design/Logic Flaw

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

3.3CVSS6.3AI score0.00291EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/09/17 9:15 p.m.18 views

PYSEC-2021-321

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS0.8AI score0.00297EPSS
Exploits0References3
NVD
NVD
added 2021/09/17 8:15 p.m.16 views

CVE-2021-39216

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS0.00297EPSS
Exploits0References5
OSV
OSV
added 2021/09/17 8:15 p.m.17 views

CVE-2021-39216

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS6.4AI score0.00295EPSS
Exploits0References5
OSV
OSV
added 2021/09/17 8:15 p.m.23 views

PYSEC-2021-320

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS0.9AI score0.00297EPSS
Exploits0References3
Prion
Prion
added 2021/09/17 8:15 p.m.18 views

Code injection

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

3.3CVSS6.2AI score0.00297EPSS
Exploits0References5Affected Software2
PyPA
PyPA
added 2021/09/17 8:15 p.m.6 views

PYSEC-2021-320

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS7.1AI score0.00297EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2021/09/17 8:10 p.m.6 views

CVE-2021-39218

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS6.6AI score0.00291EPSS
Exploits0
Cvelist
Cvelist
added 2021/09/17 8:10 p.m.33 views

CVE-2021-39218 Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS6.7AI score0.00291EPSS
Exploits0References5
CVE
CVE
added 2021/09/17 8:10 p.m.106 views

CVE-2021-39218

Technical details about CVE-2021-39218 (affected Wasmtime versions 0.26.0–0.30.0, root cause, exploit paths, and fixes) are not provided in the supplied documents. Monitor for official disclosures and patches.

6.3CVSS6.5AI score0.00291EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2021/09/17 8:5 p.m.78 views

CVE-2021-39216

Wasmtime (pre-0.30.0) contains a use-after-free when passing multiple externref values from host to guest Wasm, potentially allowing a GC to reclaim the first externref and then reuse it after control returns to Wasm. Affected versions are 0.19.0–0.29.0; upgrading to Wasmtime 0.30.0 fixes the iss...

6.3CVSS6.4AI score0.00297EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder