17 matches found
GHSA-6WGR-89RJ-399P Wasmtime has data leakage between pooling allocator instances
Impact: Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the virtual memory permissions for linear memory used the wrong predicate to determin...
amaranth-yosys (>=0.10.0.dev47 <=0.40.0.0.post93), astyle-py (>=1.0.0 <=1.0.5) +28 more potentially affected by CVE-2026-34983 via wasmtime (>=10.0.1 <=1.0.1)
wasmtime PYPI version =10.0.1, =0.10.0.dev47, =1.0.0, =0.1.6a1, =1.0.0b140, =0.0.0, =1.0.0b0, =0.1.0a2, =0.1.0a1, =0.1.0a2, =0.1.0a2, =0.3.7, =0.1.0, =0.2.0, =0.4.0.post20.dev360, =0.4.0.post20.dev360, =0.5.0.dev381 and more Source cves: CVE-2026-34983 Source advisory: OSV:PYSEC-2026-151...
amaranth-yosys (>=0.9.0.post3746.dev41 <=0.10.0.dev46), astyle-py (>=0.9.0 <=0.9.1) +17 more potentially affected by CVE-2026-34983 via wasmtime (>=0.18.2 <=0.40.0)
wasmtime PYPI version =0.18.2, =0.9.0.post3746.dev41, =0.9.0, =0.9.0.post3527.dev26, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post3694.dev181, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1,...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-34942 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34942 Source advisory: OSV:RUSTSEC-2026-0092...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +109 more potentially affected by CVE-2026-34946 via wasmtime (>=0.10.0 <=2.0.2)
wasmtime CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.44.0 and more Source cves: CVE-2026-34946 Source advisory: OSV:RUSTSEC-2026-0089...
PT-2025-46722
Name of the Vulnerable Software and Affected Versions: Wasmtime versions 24.0.0 through 24.0.4; Wasmtime versions 36.0.0 through 36.0.2; Wasmtime versions 37.0.0 through 37.0.2; Wasmtime versions 38.0.0 through 38.0.3. Description: Wasmtime’s Rust embedder API has an issue where a WebAssembly shared...
Linux Distros Unpatched Vulnerability : CVE-2025-62711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in...
Wasmtime Security Vulnerability
Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. A security vulnerability exists in Wasmtime versions 37.0.0 and 37.0.1, which stems from a memory management flaw in the C/C++ API for anyref or externref values that could lead to a memory leak...
PT-2025-43676
Name of the Vulnerable Software and Affected Versions: Wasmtime versions 38.0.0 through 38.0.2. Description: Wasmtime is a runtime for WebAssembly. Versions from 38.0.0 through 38.0.2 contain a flaw in the implementation of component-model related host-to-wasm trampolines. Specifically, a carefully...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:GHSA-C2F5-JXJV-2HH8...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:RUSTSEC-2024-0438...
abm-initialization-collection (>=0.6.1 <=0.7.0), allencell-segmenter-ml (>=1.0.0 <=1.0.1rc1) +185 more potentially affected by CVE-2024-47813 via wasmtime (>=40.0.0 <=44.0.0)
wasmtime PYPI version =40.0.0, =0.6.1, =1.0.0, =0.10.0.0.post56, =0.6.0, =0.2.1, =0.1.0, =1.0.3, =2.0.0, =0.1.1, =0.4.1, =0.2.0, =0.2.3 - compare-meshes =0.1.0 - compare-meshes-emscripten =0.1.0 and more Source cves: CVE-2024-47813 Source advisory: OSV:PYSEC-2024-311...
PT-2023-22821 · Rust +2
Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 6.0.2; Wasmtime versions prior to 7.0.1; Wasmtime versions prior to 8.0.1. Description: Wasmtime's implementation of managing per-instance state contains LLVM-level undefined behavior, which can cause runtime-level...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +100 more potentially affected by CVE-2022-39394 via wasmtime (>=0.10.0 <=12.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39394 Source advisory: OSV:RUSTSEC-2022-0097...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +100 more potentially affected by CVE-2022-39393 via wasmtime (>=0.10.0 <=12.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39393 Source advisory: OSV:RUSTSEC-2022-0098...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +44 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.33.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.3.3, =0.1.0, =0.8.0, =0.8.0, =0.9.0 - smoldot =0.2.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:RUSTSEC-2022-0096...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +37 more potentially affected by CVE-2021-39216 +2 more via wasmtime (>=0.10.0 <=0.29.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.8.0, =0.8.0, =0.1.1, =0.1.1, =0.1.3 and more Source cves: CVE-2021-39216, CVE-2021-39218, CVE-2021-39219 Source advisory: OSV:GHSA-V4CP-H94R-M7XF...