CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2026/04/10 3:32 p.m.•4 views

Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend

Impact Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally in Winch, is tagged as a 64-bit value instead of a 32-bit value. This invalid...

7.5CVSS5.7AI score0.00054EPSS

Exploits0References4Affected Software1

EUVD•added 2026/04/10 3:32 p.m.•3 views

EUVD-2026-21037

Wasmtime has improperly masked return value from table.grow with Winch compiler backend...

6.1CVSS5.8AI score0.00054EPSS

OSV•added 2026/04/10 3:32 p.m.•2 views

GHSA-F984-PCP8-V2P7 Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend

6.1CVSS5.7AI score0.00054EPSS

Exploits0References4

RedhatCVE•added 2026/04/09 11:4 p.m.•2 views

CVE-2026-35186

A flaw was found in Wasmtime, a runtime for WebAssembly. The Winch compiler backend incorrectly handles the table.grow operator, leading to an internal type mismatch. This can result in a Denial of Service DoS, where the host process crashes. Additionally, under specific configurations with...

NVD•added 2026/04/09 7:16 p.m.•1 views

Exploits0References4

CVE-2026-35186

7.5CVSS0.00054EPSS

OSV•added 2026/04/09 7:16 p.m.•0 views

DEBIAN-CVE-2026-35186

6.1CVSS5.4AI score0.00054EPSS

OSV•added 2026/04/09 7:16 p.m.•2 views

UBUNTU-CVE-2026-35186

7.5CVSS5.7AI score0.00054EPSS

UbuntuCve•added 2026/04/09 7:16 p.m.•1 views

CVE-2026-35186

7.5CVSS5.7AI score0.00054EPSS

Exploits0References2

Cvelist•added 2026/04/09 6:54 p.m.•18 views

CVE-2026-35186 Wasmtime has an improperly masked return value from `table.grow` with Winch compiler backend

6.1CVSS0.00054EPSS

Vulnrichment•added 2026/04/09 6:54 p.m.•2 views

CVE-2026-35186 Wasmtime has an improperly masked return value from `table.grow` with Winch compiler backend

6.1CVSS5.7AI score0.00054EPSS

ATTACKERKB•added 2026/04/09 6:54 p.m.•3 views

CVE-2026-35186

6.1CVSS5.8AI score0.00054EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/09 6:54 p.m.•5 views

CVE-2026-35186

Wasmtime vulnerable due to a Winch backend bug in table.grow (affecting 32-bit tables) that could mis-interpret the result and allow reads/writes to the 16 bytes before linear memory, causing DoS and potential host-data leakage. Affected versions: Wasmtime 25.0.0 up to before 36.0.7, 42.0.2, and ...

Exploits0References1Affected Software1

RustSec•added 2026/04/09 12:0 p.m.•4 views

Improperly masked return value from `table.grow` with Winch compiler backend

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-f984-pcp8-v2p7 For more information see the GitHub-hosted security advisory...

7.5CVSS5.9AI score0.00054EPSS

Exploits0Affected Software1

OSV•added 2026/04/09 12:0 p.m.•0 views

RUSTSEC-2026-0094 Improperly masked return value from `table.grow` with Winch compiler backend

6.1CVSS5.8AI score0.00054EPSS

CNNVD•added 2026/04/09 12:0 a.m.•2 views

wasmtime 安全漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 36.0.7, 42.0.2, and 43.0.1 contained security vulnerabilities. These vulnerabilities were caused by an error in the Winch compiler backend, which incorrectly interpreted the table.grow...

Positive Technologies•added 2026/04/09 12:0 a.m.•2 views

PT-2026-31692

Name of the Vulnerable Software and Affected Versions Wasmtime versions 25.0.0 through 36.0.6, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, has an issue in its Winch compiler backend where the translation of the table.grow operator results in an incorrect type. Specifically...