2106 matches found
Type confusion
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...
PYSEC-2021-322
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...
PYSEC-2021-320
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...
CVE-2021-39218 Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...
CVE-2021-39219
Technical details about CVE-2021-39219 are not publicly provided in the connected documents. Monitor for updates from official advisories; the supplied sources do not enumerate affected products/versions or fixes beyond the initial description.
CVE-2021-39219 Wrong type for `Linker`-define functions when used across two `Engine`s
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...
CVE-2021-39216 Use after free passing `externref`s to Wasm in Wasmtime
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...
CVE-2021-39216
Wasmtime (pre-0.30.0) contains a use-after-free when passing multiple externref values from host to guest Wasm, potentially allowing a GC to reclaim the first externref and then reuse it after control returns to Wasm. Affected versions are 0.19.0–0.29.0; upgrading to Wasmtime 0.30.0 fixes the iss...
Wasmtime 代码问题漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A code issue vulnerability exists in Wasmtime that stems from Wasmtime prior to version 0.30.0 being affected by a type obfuscation vulnerability...
Wasmtime 资源管理错误漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm optimization runtime for WebAssembly and WASI only. A resource management error vulnerability exists in Wasmtime that stems from a post-release usage error when passing multiple externrefs from the host to guest Wasm content...
Pair of Google Chrome Zero-Day Bugs Actively Exploited
Google has addressed two zero-day security bugs that are being actively exploited in the wild. As part of the internet giant’s latest stable channel release version 93.0.4577.82 for Windows, Mac and Linux, it fixed 11 total vulnerabilities, all of them rated high-severity. The two zero days are...
GHSA-HPQH-2WQX-7QP5 Memory access due to code generation flaw in Cranelift module
There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73...
Chrome JS WasmJs::InstallConditionalFeatures Object Corruption
Chrome: JS object corruption in WasmJs::InstallConditionalFeatures VULNERABILITY DETAILS void WasmJs::InstallConditionalFeaturesIsolate isolate, Handle context // Exception handling may have been enabled by an origin trial. If so, make // sure that the WebAssembly.Exception constructor is set up...
Wasm3 缓冲区错误漏洞
wasm3 is the fastest WebAssembly interpreter and the most versatile runtime. A security vulnerability exists in wasm3 that stems from a heap-based buffer overflow...
CVE-2021-29945
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
CVE-2021-29945
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
DEBIAN-CVE-2021-29945
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Design/Logic Flaw
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
CVE-2021-29945
CVE-2021-29945 concerns the WebAssembly JIT: the JIT could miscalculate the size of a return type, causing a null read and a crash on x86-32. Affected products per the provided documents include Firefox ESR and Firefox releases prior to 78.10 and Thunderbird prior to 78.10 (Firefox
CVE-2021-29945
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...