860 matches found
CVE-2021-39216
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...
CVE-2021-39216
Wasmtime (pre-0.30.0) contains a use-after-free when passing multiple externref values from host to guest Wasm, potentially allowing a GC to reclaim the first externref and then reuse it after control returns to Wasm. Affected versions are 0.19.0–0.29.0; upgrading to Wasmtime 0.30.0 fixes the iss...
Multiple Vulnerabilities in Wasmtime
Use after free passing externrefs to Wasm in Wasmtime Out-of-bounds read/write and invalid free with externrefs and GC safepoints in Wasmtime Wrong type for Linker-define functions when used across two Engines...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +36 more potentially affected by CVE-2021-39216 +2 more via wasmtime (>=0.10.0 <=0.29.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.8.0, =0.8.0, =0.1.1, =0.1.1, =0.1.2, =0.1.4 and more Source cves: CVE-2021-39216, CVE-2021-39218, CVE-2021-39219 Source advisory: OSV:RUSTSEC-2021-0110...
RUSTSEC-2021-0110 Multiple Vulnerabilities in Wasmtime
Use after free passing externrefs to Wasm in Wasmtime Out-of-bounds read/write and invalid free with externrefs and GC safepoints in Wasmtime Wrong type for Linker-define functions when used across two Engines...
Wasmtime 缓冲区错误漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from an invalid free and out-of-bounds read/write error when running Wasm due to a memory unsoundness vulnerability in...
Wasmtime 资源管理错误漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm optimization runtime for WebAssembly and WASI only. A resource management error vulnerability exists in Wasmtime that stems from a post-release usage error when passing multiple externrefs from the host to guest Wasm content...
Wasmtime 代码问题漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A code issue vulnerability exists in Wasmtime that stems from Wasmtime prior to version 0.30.0 being affected by a type obfuscation vulnerability...
memquery (=0.1.1), nmigen-yosys (>=0.9.0.post3527.dev26 <=0.9.0.post3746.dev31) +13 more potentially affected by CVE-2021-32629 via wasmtime (>=0.18.2 <=0.25.0)
wasmtime PYPI version =0.18.2, =0.9.0.post3527.dev26, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1,...
GHSA-HPQH-2WQX-7QP5 Memory access due to code generation flaw in Cranelift module
There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73...
CVE-2021-32629
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...
memquery (=0.1.1), nmigen-yosys (>=0.9.0.post3527.dev26 <=0.9.0.post3746.dev31) +13 more potentially affected by CVE-2021-32629 via wasmtime (>=0.18.2 <=0.25.0)
wasmtime PYPI version =0.18.2, =0.9.0.post3527.dev26, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1,...
CVE-2021-32629 Memory access due to code generation flaw in Cranelift module
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...
wasmtime:differential: Crash in RegisterSetjmp
Detailed Report: https://oss-fuzz.com/testcase?key=6205251766714368 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f4688188004 Crash State: RegisterSetjmp...
lightbeam (>=0.7.0 <=0.15.0), llama-wasm (>=0.1.0 <=0.5.0) +1 more potentially affected by unknown CVE via multi_mut (=0.1.3)
multimut CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on multimut and may be impacted: - lightbeam =0.7.0, =0.1.0, =0.7.0, =0.15.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0169...
wasmtime:differential: Crash with empty stacktrace
Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5638872262508544 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...
wasmtime:differential: Crash in [stack]
Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5637784696258560 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address:...
wasmtime:differential: Crash in _fini
Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5750187404558336 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address:...
wasmtime:api_calls: Crash with empty stacktrace
Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5069880397398016 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: apicalls Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x7f52f0071d5...
wasmtime:differential: Crash in [stack]
Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5719544398348288 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...