
2106 matches found

Prion
added 2021/09/17 8:15 p.m. | 21 views

Type confusion

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

CVSS 3.3 | AI score 6.2 | EPSS 0.00295
Exploits: 0 | References: 5 | Affected Software: 2
OSV
added 2021/09/17 8:15 p.m. | 19 views

PYSEC-2021-322

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

CVSS 6.3 | AI score 1.4 | EPSS 0.00297
Exploits: 0 | References: 3
OSV
added 2021/09/17 8:15 p.m. | 23 views

PYSEC-2021-320

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

CVSS 6.3 | AI score 0.9 | EPSS 0.00297
Exploits: 0 | References: 3
Cvelist
added 2021/09/17 8:10 p.m. | 33 views

CVE-2021-39218 Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

CVSS 6.3 | AI score 6.7 | EPSS 0.00291
Exploits: 0 | References: 5
CVE
added 2021/09/17 8:10 p.m. | 90 views

CVE-2021-39219

Technical details about CVE-2021-39219 are not publicly provided in the connected documents. Monitor for updates from official advisories; the supplied sources do not enumerate affected products/versions or fixes beyond the initial description.

CVSS 6.3 | AI score 6.3 | EPSS 0.00295
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2021/09/17 8:10 p.m. | 23 views

CVE-2021-39219 Wrong type for `Linker`-define functions when used across two `Engine`s

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

CVSS 6.3 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 5
Cvelist
added 2021/09/17 8:5 p.m. | 37 views

CVE-2021-39216 Use after free passing `externref`s to Wasm in Wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

CVSS 6.3 | AI score 6.6 | EPSS 0.00297
Exploits: 0 | References: 5
CVE
added 2021/09/17 8:5 p.m. | 77 views

CVE-2021-39216

Wasmtime (pre-0.30.0) contains a use-after-free when passing multiple externref values from host to guest Wasm, potentially allowing a GC to reclaim the first externref and then reuse it after control returns to Wasm. Affected versions are 0.19.0–0.29.0; upgrading to Wasmtime 0.30.0 fixes the iss...

CVSS 6.3 | AI score 6.4 | EPSS 0.00297
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2021/09/17 12:0 a.m. | 5 views

Wasmtime Code Issue Vulnerability

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A code issue vulnerability exists in Wasmtime that stems from Wasmtime prior to version 0.30.0 being affected by a type obfuscation vulnerability...

CVSS 6.3 | AI score 6.5 | EPSS 0.00295
Exploits: 0 | References: 7
CNNVD
added 2021/09/17 12:0 a.m. | 5 views

Wasmtime Resource Management Error Vulnerability

Wasmtime, a Bytecode Consortium project, is a standalone wasm optimization runtime for WebAssembly and WASI only. A resource management error vulnerability exists in Wasmtime that stems from a post-release usage error when passing multiple externrefs from the host to guest Wasm content...

CVSS 6.3 | AI score 6.3 | EPSS 0.00297
Exploits: 0 | References: 7
ThreatPost
added 2021/09/14 3:3 p.m. | 116 views

Pair of Google Chrome Zero-Day Bugs Actively Exploited

Google has addressed two zero-day security bugs that are being actively exploited in the wild. As part of the internet giant’s latest stable channel release version 93.0.4577.82 for Windows, Mac and Linux, it fixed 11 total vulnerabilities, all of them rated high-severity. The two zero days are...

CVSS 9.6 | AI score 9.3 | EPSS 0.70435
Exploits: 13 | References: 16
OSV
added 2021/08/25 9:1 p.m. | 13 views

GHSA-HPQH-2WQX-7QP5 Memory access due to code generation flaw in Cranelift module

There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73...

CVSS 7.2 | AI score 8.5 | EPSS 0.00455
Exploits: 1 | References: 9
Packet Storm
added 2021/08/16 12:0 a.m. | 506 views

Chrome JS WasmJs::InstallConditionalFeatures Object Corruption

Chrome: JS object corruption in WasmJs::InstallConditionalFeatures. VULNERABILITY DETAILS: void WasmJs::InstallConditionalFeatures(Isolate* isolate, Handle<Context> context) // Exception handling may have been enabled by an origin trial. If so, make // sure that the WebAssembly.Exception constructor is set up...

CVSS 6.8 | AI score 0.4 | EPSS 0.04737
Exploits: 2
CNNVD
added 2021/08/11 12:0 a.m. | 5 views

Wasm3 Buffer Error Vulnerability

wasm3 is the fastest WebAssembly interpreter and the most versatile runtime. A security vulnerability exists in wasm3 that stems from a heap-based buffer overflow...

CVSS 7.5 | AI score 7.8 | EPSS 0.01294
Exploits: 0 | References: 3
NVD
added 2021/06/24 2:15 p.m. | 21 views

CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVSS 6.5 | EPSS 0.01208
Exploits: 0 | References: 4
OSV
added 2021/06/24 2:15 p.m. | 6 views

CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVSS 6.5 | AI score 8
Exploits: 0 | References: 4
OSV
added 2021/06/24 2:15 p.m. | 2 views

DEBIAN-CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVSS 6.5 | AI score 6.9 | EPSS 0.01208
Exploits: 0 | References: 1
Prion
added 2021/06/24 2:15 p.m. | 20 views

Design/Logic Flaw

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVSS 4.3 | AI score 6.3 | EPSS 0.01208
Exploits: 0 | References: 4 | Affected Software: 3
CVE
added 2021/06/24 1:19 p.m. | 418 views

CVE-2021-29945

CVE-2021-29945 concerns the WebAssembly JIT: the JIT could miscalculate the size of a return type, causing a null read and a crash on x86-32. Affected products per the provided documents include Firefox ESR and Firefox releases prior to 78.10 and Thunderbird prior to 78.10 (Firefox

CVSS 6.5 | AI score 6.2 | EPSS 0.01208
Exploits: 0 | References: 4 | Affected Software: 3
Cvelist
added 2021/06/24 1:19 p.m. | 20 views

CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

AI score 6.9 | EPSS 0.01208
Exploits: 0 | References: 4