2106 matches found
CVE-2023-30300
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop...
CVE-2023-30624
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled...
CVE-2023-30624
Wasmtime CVE-2023-30624 concerns an LLVM-level undefined behavior in per-instance state management (VMContext) of the Wasmtime runtime. The issue occurs in Wasmtime versions prior to 6.0.2, 7.0.1, and 8.0.1 and arises when unsafe code mutates VMContext data via methods using &self, which can lead...
CVE-2023-30624 Wasmtime has Undefined Behavior in Rust runtime functions
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled...
A vulnerability in the Cranelift compiler (previously Cretonne), used by the Wasmtime runtime for WebAssembly applications, arises from operations performed beyond buffer boundaries in memory. This vulnerability allows an attacker to execute arbitrary code or cause a service failure.
A vulnerability in the Cranelift compiler (previously Cretonne) for WebAssembly applications relates to the execution environment. It stems from an instruction being pushed out of the buffer into memory when determining linear memory addressing rules. Exploiting this...
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction, which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction, which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtime 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally, the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.
...
SUSE CVE-2023-27114
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasmdis at p/wasm/wasm.c...
PYSEC-2023-318
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild...
PYSEC-2023-317
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
PYSEC-2023-316
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::catcomputesize...
CVE-2023-27115
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::catcomputesize...
DEBIAN-CVE-2023-27119
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild...
CVE-2023-27117
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator...
CVE-2023-27119
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild...
CVE-2023-27116
WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType...
DEBIAN-CVE-2023-27116
WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType...
DEBIAN-CVE-2023-27115
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::catcomputesize...