Lucene search
+L

523 matches found

OSV
OSV
added 2026/04/10 3:31 p.m.8 views

GHSA-XX5W-CVP6-JV83 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Impact Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch compiler -Ccompiler=winch. By default, Wasmtime uses its Cranelift backend, not...

9.2CVSS5.8AI score0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/09 11:11 p.m.6 views

CVE-2026-34971

A flaw was found in Wasmtime, a runtime for WebAssembly. On aarch64 systems, a miscompilation bug in Wasmtime's Cranelift backend can be exploited by a guest WebAssembly module. This vulnerability allows the module to bypass memory bounds checks, enabling arbitrary read and write operations on th...

9CVSS5.9AI score0.00319EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/09 10:41 p.m.5 views

CVE-2026-34987

A flaw was found in Wasmtime, a runtime for WebAssembly. When using its non-default Winch compiler backend, a properly constructed guest WebAssembly Wasm module can exploit an incorrect assumption in how memory offsets are handled. This allows the guest Wasm to access host memory outside its...

9.9CVSS6.1AI score0.00278EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/09 8:23 p.m.14 views

Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

Impact Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a guest WebAssembly module this can create a situation where there are two diverging...

9CVSS5.9AI score0.00319EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/09 8:23 p.m.6 views

GHSA-JHXM-H53P-JM7W Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

Impact Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a guest WebAssembly module this can create a situation where there are two diverging...

9CVSS5.9AI score0.00319EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 7:16 p.m.5 views

CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 7:16 p.m.3 views

DEBIAN-CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS5.5AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 7:16 p.m.3 views

CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS0.00319EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.4 views

CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS5.8AI score0.00278EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.4 views

CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6AI score0.00319EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 7:16 p.m.6 views

UBUNTU-CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6AI score0.00319EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:55 p.m.6 views

CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

6.1CVSS6AI score0.00216EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 6:55 p.m.18 views

CVE-2026-35195 Wasmtime has an out-of-bounds write or crash when transcoding component model strings

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

6.1CVSS0.00216EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 6:55 p.m.2 views

CVE-2026-35195 Wasmtime has an out-of-bounds write or crash when transcoding component model strings

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

6.1CVSS6AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 6:54 p.m.26 views

CVE-2026-35186 Wasmtime has an improperly masked return value from `table.grow` with Winch compiler backend

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally i...

6.1CVSS0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:48 p.m.2 views

CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9CVSS6AI score0.00278EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/09 6:48 p.m.95 views

CVE-2026-34987

Wasmtime (WebAssembly runtime) with the Winch baseline compiler backend on aarch64 is vulnerable. From 25.0.0 up to but not including 36.0.7, 42.0.2, and 43.0.1, using -Ccompiler=winch may allow a guest Wasm to access host memory outside the linear-memory sandbox. The aarch64 variant has an obser...

9.9CVSS6AI score0.00278EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 6:48 p.m.4 views

CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9CVSS5.8AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 6:48 p.m.1 views

CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9CVSS6AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 6:45 p.m.35 views

CVE-2026-34971

Wasmtime’s Cranelift backend on the aarch64 path contains a miscompile of a specific load pattern (load(iadd(base, ishl(index, amt)))) that can diverge between bounds checking and loading, enabling an arbitrary read/write of host memory and thus a sandbox escape for guest WebAssembly. Affected ra...

9CVSS6.1AI score0.00319EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder