Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2026/04/13 11:26 p.m.8 views

SUSE CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

6.3CVSS5.8AI score0.00324EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 3:31 p.m.3 views

EUVD-2026-21031

Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access...

9CVSS5.8AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 3:31 p.m.8 views

GHSA-XX5W-CVP6-JV83 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Impact Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch compiler -Ccompiler=winch. By default, Wasmtime uses its Cranelift backend, not...

9.2CVSS5.8AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/09 8:23 p.m.7 views

EUVD-2026-21024

Wasmtime has host data leakage with 64-bit tables and Winch...

2.3CVSS5.9AI score0.00324EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/09 8:23 p.m.11 views

Wasmtime has host data leakage with 64-bit tables and Winch

Impact Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.3 views

CVE-2026-34946

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture...

7.5CVSS5.8AI score0.00358EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.2 views

CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS5.8AI score0.00278EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:40 p.m.6 views

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

2.3CVSS5.9AI score0.00324EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 6:40 p.m.18 views

CVE-2026-34945 Wasmtime leaks host data with 64-bit tables and Winch

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

2.3CVSS0.00324EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-35186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the...

7.5CVSS5.5AI score0.00214EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31690

Name of the Vulnerable Software and Affected Versions Wasmtime versions 25.0.0 through 36.0.6, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may allow guest WebAssembly code to access host memory outside of its designated sandbox when using the Winch compiler backend. This...

9CVSS6.4AI score0.00278EPSS
Exploits0References11
Rows per page
Query Builder