2106 matches found
CVE-2022-39218
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
Design/Logic Flaw
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2022-39218 Random number seed fixed during compilation
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
PYSEC-2022-43058
WASM3 v0.5.0 was discovered to contain a segmentation fault via the component opSelecti32srs in wasm3/source/m3exec.h...
wasm3 缓冲区错误漏洞
wasm3 is the fastest WebAssembly interpreter, as well as the most versatile runtime. A buffer error vulnerability exists in wasm3 version v0.5.0, which stems from the opSelecti32sr component containing a segmentation error...
[SECURITY] Fedora 36 Update: golang-gioui-0-9.20201225git18d4dbf.fc36
Immediate mode GUI programs in Go for Android, iOS, macOS, Linux, FreeBSD, OpenBSD, Windows, and WebAssembly experimental. See the project page gioui. org for documentation and more information...
CVE-2022-34529
WASM3 v0.5.0 was discovered to contain a segmentation fault via the component CompileMemoryCopyFill...
Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly Wasm on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their comput...
CVE-2022-31169
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
CVE-2022-31169
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
Design/Logic Flaw
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
UBUNTU-CVE-2022-31169
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
radare2 缓冲区错误漏洞
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 version v5.7.0, which stems from a heap buffer overflow vulnerability discovered via the consumeencodednamenew function in format/wasm/wasm.c. The vulnerability is caused by the use o...
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Impact There was a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors could result in incorrect division results at runtime. The translation rules for constants did not take into account whether sign- or zero-extension should happen, which resulted in an...
GHSA-7F6X-JWH5-M9R4 Cranelift vulnerable to miscompilation of constant values in division on AArch64
Impact There was a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors could result in incorrect division results at runtime. The translation rules for constants did not take into account whether sign- or zero-extension should happen, which resulted in an...
CVE-2022-31169 Cranelift vulnerable to miscompilation of constant values in division on AArch64
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
CVE-2022-31169 Cranelift vulnerable to miscompilation of constant values in division on AArch64
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
CVE-2022-31169 Cranelift vulnerable to miscompilation of constant values in division on AArch64
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...
CVE-2022-31169
CVE-2022-31169 affects Wasmtime’s Cranelift codegen on AArch64. A miscompilation in constant division may place incorrect values in registers due to sign/zero-extension rules, impacting WebAssembly sandbox correctness. Affected: Wasmtime prior to 0.38.2 and Cranelift prior to 0.85.2; fixed in Was...
CVE-2022-31169
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...