2106 matches found
Wasmtime Resource Management Error Vulnerability
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. a resource management error vulnerability exists in Wasmtime, which stems from the fact that when running Wasm with externrefs and epoch interrupts are enabled in Wasmtime, a use after...
CVE-2022-24791
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption it is disabled by default...
CVE-2022-24791
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption it is disabled by default...
CVE-2022-24791
The CVE refers to Wasmtime (WebAssembly JIT runtime using Cranelift) with a use-after-free vulnerability that occurs when running Wasm code using externrefs while epoch interruption is enabled. The issue is caused by Cranelift failing to emit stack maps for safepoints inside cold blocks, which re...
Default configuration
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
CVE-2022-23636
CVE-2022-23636 affects Wasmtime prior to 0.34.1 and 0.33.1, due to a bug in the pooling instance allocator that can cause an invalid drop of a VMExternRef when a module defines an externref global and instance creation fails. The vulnerability depends on specific conditions (e.g., mprotect/Virtua...
golang: Command-line arguments may overwrite global data
A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang...
[SECURITY] Fedora 35 Update: binaryen-105-1.fc35
Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...
[SECURITY] Fedora 34 Update: binaryen-105-1.fc34
Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...
CVE-2022-21685 Integer underflow in Frontier
Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...
Binaryen Denial of Service Vulnerability
Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C. A security vulnerability exists in Binaryen version 104, which stems from an assertion abort in wasm::WasmBinaryBuilder::readFunctions in the software, and could be exploited by an attacker to cause a denial...
Binaryen Denial of Service Vulnerability
Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. Binaryen suffers from a denial of service vulnerability in version 104, which stems from an assertion abort in the software wasm::WasmBinaryBuilder::VisitRetrow, that can be exploited by an attacker to cau...
Binaryen Denial of Service Vulnerability
Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. A denial of service vulnerability exists in Binaryen version 104, which stems from an assertion abort in the software wasm::Tuple::validate, and could be exploited by an attacker to cause a denial of servi...
Binaryen Stack Buffer Overflow Vulnerability
Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. Binaryen has a stack buffer overflow vulnerability in version 103, which originates when the software printf public function performs an operation in memory, and can be exploited by an attacker to cause...
Binaryen Denial of Service Vulnerability (CNVD-2022-06886)
Binaryen 104 is a compiler infrastructure and toolchain library for WebAssembly written in C. A denial of service vulnerability exists in Binaryen 104, which stems from an assertion abort in the software wasm::WasmBinaryBuilder::visitRethrowwasm::Rethrow. , which can be exploited by an attacker t...
DEBIAN-CVE-2021-46054
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrowwasm::Rethrow...
CVE-2021-46052
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate...
DEBIAN-CVE-2021-46052
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate...