4 matches found
SUSE CVE-2026-34941
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds chec...
CVE-2026-34941
A flaw was found in Wasmtime, a runtime for WebAssembly. When transcoding a UTF-16 string to the latin1+utf16 component-model encoding, Wasmtime incorrectly validates the byte length of the input string, checking the number of code units instead of the actual byte length. This vulnerability can...
CVE-2026-34942
Wasmtime VM exposes a DoS risk due to a panic-triggering path when transcoding strings into utf16/latin1+utf16. Root cause: alignment verification for reallocated strings was improper, allowing unaligned pointers to be passed to the host by a malicious guest. Affected versions prior to fixed rele...
PT-2026-31680
Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 Description Wasmtime contains an issue where transcoding a UTF-16 string to the latin1+utf16 component-model encoding incorrectly validates the byte length of the input string durin...