Lucene search
K

95 matches found

OSV
OSV
added 2021/09/17 9:15 p.m.15 views

CVE-2021-39218

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS6.4AI score0.0035EPSS
Exploits0References5
Prion
Prion
added 2021/09/17 9:15 p.m.16 views

Design/Logic Flaw

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

3.3CVSS6.3AI score0.00291EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/09/17 9:15 p.m.19 views

PYSEC-2021-321

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS0.8AI score0.0035EPSS
Exploits0References3
NVD
NVD
added 2021/09/17 8:15 p.m.16 views

CVE-2021-39216

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS0.00297EPSS
Exploits0References5
OSV
OSV
added 2021/09/17 8:15 p.m.18 views

CVE-2021-39219

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

6.3CVSS6.3AI score0.00297EPSS
Exploits0References5
Prion
Prion
added 2021/09/17 8:15 p.m.18 views

Code injection

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

3.3CVSS6.2AI score0.00297EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/09/17 8:15 p.m.23 views

PYSEC-2021-320

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS0.9AI score0.0035EPSS
Exploits0References3
OSV
OSV
added 2021/09/17 8:15 p.m.20 views

PYSEC-2021-322

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

6.3CVSS1.4AI score0.0035EPSS
Exploits0References3
CVE
CVE
added 2021/09/17 8:10 p.m.108 views

CVE-2021-39218

Technical details about CVE-2021-39218 (affected Wasmtime versions 0.26.0–0.30.0, root cause, exploit paths, and fixes) are not provided in the supplied documents. Monitor for official disclosures and patches.

6.3CVSS6.5AI score0.00291EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/09/17 8:10 p.m.53 views

CVE-2021-39218 Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

6.3CVSS6.7AI score0.00291EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/09/17 8:10 p.m.38 views

CVE-2021-39219 Wrong type for `Linker`-define functions when used across two `Engine`s

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

6.3CVSS6.5AI score0.0035EPSS
Exploits0References5
CVE
CVE
added 2021/09/17 8:10 p.m.92 views

CVE-2021-39219

Technical details about CVE-2021-39219 are not publicly provided in the connected documents. Monitor for updates from official advisories; the supplied sources do not enumerate affected products/versions or fixes beyond the initial description.

6.3CVSS6.3AI score0.0035EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/09/17 8:5 p.m.77 views

CVE-2021-39216 Use after free passing `externref`s to Wasm in Wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS6.6AI score0.00297EPSS
Exploits0References5
CVE
CVE
added 2021/09/17 8:5 p.m.79 views

CVE-2021-39216

Wasmtime (pre-0.30.0) contains a use-after-free when passing multiple externref values from host to guest Wasm, potentially allowing a GC to reclaim the first externref and then reuse it after control returns to Wasm. Affected versions are 0.19.0–0.29.0; upgrading to Wasmtime 0.30.0 fixes the iss...

6.3CVSS6.4AI score0.00297EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2021/08/25 9:1 p.m.5 views

aquamarine-vm (>=0.1.0 <=0.5.2), ashpaper-plus (>=0.5.0 <=0.5.1) +140 more potentially affected by CVE-2021-32629 via cranelift-codegen (>=0.14.0 <=0.72.0)

cranelift-codegen CARGO version =0.14.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.2.9, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.26.1, =0.13.2, =0.8.0, =0.14.0, =0.14.0, =0.66.0 and more Source cves: CVE-2021-32629 Source advisory: OSV:GHSA-HPQH-2WQX-7QP5...

8.8CVSS7.2AI score0.00455EPSS
Exploits1
Rows per page
Query Builder