2106 matches found

CNVD
added 2022/04/02 12:0 a.m. | 14 views

Wasmtime Resource Management Error Vulnerability

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A resource management error vulnerability exists in Wasmtime, which stems from the fact that when running Wasm with externrefs while epoch interrupts are enabled in Wasmtime, a use after...

9.8 CVSS | 1.4 AI score | 0.01137 EPSS
Exploits: 0 | References: 1

NVD
added 2022/03/31 11:15 p.m. | 11 views

CVE-2022-24791

Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption it is disabled by default...

9.8 CVSS | 0.01137 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2022/03/31 11:15 p.m. | 30 views

CVE-2022-24791

Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption it is disabled by default...

9.8 CVSS | 7.2 AI score | 0.01137 EPSS
Exploits: 0 | References: 3

CVE
added 2022/03/31 11:0 p.m. | 113 views

CVE-2022-24791

The CVE refers to Wasmtime (WebAssembly JIT runtime using Cranelift) with a use-after-free vulnerability that occurs when running Wasm code using externrefs while epoch interruption is enabled. The issue is caused by Cranelift failing to emit stack maps for safepoints inside cold blocks, which re...

9.8 CVSS | 9.1 AI score | 0.01137 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/02/16 10:15 p.m. | 11 views

Default configuration

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

7.1 CVSS | 8 AI score | 0.0076 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2022/02/16 10:0 p.m. | 35 views

CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

5.1 CVSS | 7.5 AI score | 0.0076 EPSS
Exploits: 1 | References: 4

Cvelist
added 2022/02/16 10:0 p.m. | 61 views

CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

5.1 CVSS | 8.2 AI score | 0.0076 EPSS
Exploits: 1 | References: 2

CVE
added 2022/02/16 10:0 p.m. | 92 views

CVE-2022-23636

CVE-2022-23636 affects Wasmtime prior to 0.34.1 and 0.33.1, due to a bug in the pooling instance allocator that can cause an invalid drop of a VMExternRef when a module defines an externref global and instance creation fails. The vulnerability depends on specific conditions (e.g., mprotect/Virtua...

8.1 CVSS | 6.5 AI score | 0.0076 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

RedHat Linux
added 2022/02/03 4:10 p.m. | 2 views

golang: Command-line arguments may overwrite global data

A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang...

9.8 CVSS | 7.1 AI score | 0.10299 EPSS
Exploits: 0 | References: 5

Fedora
added 2022/01/25 1:11 a.m. | 35 views

[SECURITY] Fedora 35 Update: binaryen-105-1.fc35

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

7.5 CVSS | 6.2 AI score | 0.01465 EPSS
Exploits: 2

Fedora
added 2022/01/25 1:4 a.m. | 37 views

[SECURITY] Fedora 34 Update: binaryen-105-1.fc34

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

7.5 CVSS | 6.2 AI score | 0.01465 EPSS
Exploits: 2

OSV
added 2022/01/14 5:5 p.m. | 29 views

CVE-2022-21685 Integer underflow in Frontier

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...

6.5 CVSS | 6.4 AI score | 0.01331 EPSS
Exploits: 0 | References: 5

CNVD
added 2022/01/14 12:0 a.m. | 14 views

Binaryen Denial of Service Vulnerability

Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C. A security vulnerability exists in Binaryen version 104, which stems from an assertion abort in wasm::WasmBinaryBuilder::readFunctions in the software, and could be exploited by an attacker to cause a denial...

5.5 CVSS | 4.8 AI score | 0.007 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/01/14 12:0 a.m. | 21 views

Binaryen Denial of Service Vulnerability

Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. Binaryen suffers from a denial of service vulnerability in version 104, which stems from an assertion abort in the software wasm::WasmBinaryBuilder::VisitRetrow, that can be exploited by an attacker to cau...

5.5 CVSS | 5.3 AI score | 0.007 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/01/14 12:0 a.m. | 15 views

Binaryen Denial of Service Vulnerability

Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. A denial of service vulnerability exists in Binaryen version 104, which stems from an assertion abort in the software wasm::Tuple::validate, and could be exploited by an attacker to cause a denial of servi...

5.5 CVSS | 5.2 AI score | 0.00703 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/01/14 12:0 a.m. | 14 views

Binaryen Stack Buffer Overflow Vulnerability

Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. Binaryen has a stack buffer overflow vulnerability in version 103, which originates when the software printf public function performs an operation in memory, and can be exploited by an attacker to cause...

5.5 CVSS | 5.5 AI score | 0.00679 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/01/14 12:0 a.m. | 16 views

Binaryen Denial of Service Vulnerability (CNVD-2022-06886)

Binaryen 104 is a compiler infrastructure and toolchain library for WebAssembly written in C. A denial of service vulnerability exists in Binaryen 104, which stems from an assertion abort in the software wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*), which can be exploited by an attacker t...

5.5 CVSS | 3.5 AI score | 0.00703 EPSS
Exploits: 1 | References: 1

OSV
added 2022/01/10 2:11 p.m. | 3 views

DEBIAN-CVE-2021-46054

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*)...

5.5 CVSS | 5.7 AI score | 0.00703 EPSS
Exploits: 1 | References: 1

ATTACKERKB
added 2022/01/10 2:11 p.m. | 4 views

CVE-2021-46052

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate...

5.5 CVSS | 5.9 AI score | 0.00703 EPSS
Exploits: 1 | References: 2

OSV
added 2022/01/10 2:11 p.m. | 3 views

DEBIAN-CVE-2021-46052

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate...

5.5 CVSS | 5.7 AI score | 0.00703 EPSS
Exploits: 1 | References: 1