Lucene search
+L

860 matches found

Debian CVE
Debian CVE
added 2021/09/17 8:5 p.m.14 views

CVE-2021-39216

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS6.5AI score0.00307EPSS
Exploits0
CVE
CVE
added 2021/09/17 8:5 p.m.82 views

CVE-2021-39216

Wasmtime (pre-0.30.0) contains a use-after-free when passing multiple externref values from host to guest Wasm, potentially allowing a GC to reclaim the first externref and then reuse it after control returns to Wasm. Affected versions are 0.19.0–0.29.0; upgrading to Wasmtime 0.30.0 fixes the iss...

6.3CVSS6.4AI score0.00307EPSS
Exploits0References5Affected Software1
RustSec
RustSec
added 2021/09/17 12:0 p.m.50 views

Multiple Vulnerabilities in Wasmtime

Use after free passing externrefs to Wasm in Wasmtime Out-of-bounds read/write and invalid free with externrefs and GC safepoints in Wasmtime Wrong type for Linker-define functions when used across two Engines...

6.3CVSS2.4AI score0.00307EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/09/17 12:0 p.m.4 views

auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +36 more potentially affected by CVE-2021-39216 +2 more via wasmtime (>=0.10.0 <=0.29.0)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.8.0, =0.8.0, =0.1.1, =0.1.1, =0.1.2, =0.1.4 and more Source cves: CVE-2021-39216, CVE-2021-39218, CVE-2021-39219 Source advisory: OSV:RUSTSEC-2021-0110...

6.3CVSS6.5AI score0.00361EPSS
Exploits0
OSV
OSV
added 2021/09/17 12:0 p.m.25 views

RUSTSEC-2021-0110 Multiple Vulnerabilities in Wasmtime

Use after free passing externrefs to Wasm in Wasmtime Out-of-bounds read/write and invalid free with externrefs and GC safepoints in Wasmtime Wrong type for Linker-define functions when used across two Engines...

6.3CVSS6.4AI score0.00361EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.76 views

Wasmtime 缓冲区错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from an invalid free and out-of-bounds read/write error when running Wasm due to a memory unsoundness vulnerability in...

6.3CVSS6.6AI score0.003EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.6 views

Wasmtime 资源管理错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm optimization runtime for WebAssembly and WASI only. A resource management error vulnerability exists in Wasmtime that stems from a post-release usage error when passing multiple externrefs from the host to guest Wasm content...

6.3CVSS6.3AI score0.00307EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.8 views

Wasmtime 代码问题漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A code issue vulnerability exists in Wasmtime that stems from Wasmtime prior to version 0.30.0 being affected by a type obfuscation vulnerability...

6.3CVSS6.5AI score0.00361EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2021/08/25 9:1 p.m.8 views

memquery (=0.1.1), nmigen-yosys (>=0.9.0.post3527.dev26 <=0.9.0.post3746.dev31) +13 more potentially affected by CVE-2021-32629 via wasmtime (>=0.18.2 <=0.25.0)

wasmtime PYPI version =0.18.2, =0.9.0.post3527.dev26, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1,...

8.8CVSS7.2AI score0.00455EPSS
Exploits1
OSV
OSV
added 2021/08/25 9:1 p.m.13 views

GHSA-HPQH-2WQX-7QP5 Memory access due to code generation flaw in Cranelift module

There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73...

7.2CVSS8.5AI score0.00455EPSS
Exploits1References9
OSV
OSV
added 2021/05/24 4:15 p.m.18 views

CVE-2021-32629

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...

8.8CVSS8.7AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2021/05/24 4:15 p.m.5 views

memquery (=0.1.1), nmigen-yosys (>=0.9.0.post3527.dev26 <=0.9.0.post3746.dev31) +13 more potentially affected by CVE-2021-32629 via wasmtime (>=0.18.2 <=0.25.0)

wasmtime PYPI version =0.18.2, =0.9.0.post3527.dev26, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1,...

8.8CVSS7.2AI score0.00455EPSS
Exploits1
Cvelist
Cvelist
added 2021/05/24 3:35 p.m.45 views

CVE-2021-32629 Memory access due to code generation flaw in Cranelift module

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...

7.2CVSS8.9AI score0.00455EPSS
Exploits1References4
ossfuzz
ossfuzz
added 2020/08/06 2:6 a.m.15 views

wasmtime:differential: Crash in RegisterSetjmp

Detailed Report: https://oss-fuzz.com/testcase?key=6205251766714368 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f4688188004 Crash State: RegisterSetjmp...

6.8AI score
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2020/02/07 12:0 p.m.10 views

lightbeam (>=0.7.0 <=0.15.0), llama-wasm (>=0.1.0 <=0.5.0) +1 more potentially affected by unknown CVE via multi_mut (=0.1.3)

multimut CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on multimut and may be impacted: - lightbeam =0.7.0, =0.1.0, =0.7.0, =0.15.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2020-0169...

5.8AI score
Exploits0
ossfuzz
ossfuzz
added 2020/02/07 10:51 a.m.16 views

wasmtime:differential: Crash with empty stacktrace

Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5638872262508544 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2020/02/07 10:51 a.m.26 views

wasmtime:differential: Crash in [stack]

Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5637784696258560 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address:...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2020/02/06 4:35 a.m.20 views

wasmtime:differential: Crash in _fini

Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5750187404558336 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address:...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2020/01/29 6:4 a.m.16 views

wasmtime:api_calls: Crash with empty stacktrace

Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5069880397398016 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: apicalls Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x7f52f0071d5...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2020/01/28 7:48 p.m.18 views

wasmtime:differential: Crash in [stack]

Project: https://github.com/bytecodealliance/wasmtime.git Detailed Report: https://oss-fuzz.com/testcase?key=5719544398348288 Project: wasmtime Fuzzing Engine: libFuzzer Fuzz Target: differential Job Type: libfuzzerasanwasmtime Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder