Wasmtime 安全漏洞

Wasmtime is a standalone WebAssembly and WASI-only wasm optimization runtime open-sourced by the Bytecode Alliance. A security vulnerability exists in versions of Wasmtime prior to 2.0.2 that stems from a data leak between instances in its pool allocator...

CVE-2022-39392 Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

unbound: integer overflow in the regional allocator via the ALIGN_UP macro

A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGNUP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

RUSTSEC-2022-0098 Data leakage between instances in the pooling allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...

Data leakage between instances in the pooling allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...

PT-2022-24952 · Wasmtime · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2 Description: There is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be...

PT-2022-24951 · Wasmtime · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2 Description: There is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuratio...

GHSA-RC23-XXGQ-X27G wee_alloc is Unmaintained

Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years a...

wee_alloc is Unmaintained

Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years a...

PT-2022-7434 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the kmalloc function in the Linux kernel, which can fail due to out-of-memory conditions. If it fails, the function should return an error code errno instead of...

CVE-2022-36086

CVE-2022-36086 relates to the Rust crate linked_list_allocator (no_std). Prior to 0.10.2, heap initialization methods could perform out-of-bounds writes when the heap size was too small (less than 3 × size_of::) due to metadata writes, affecting Heap::new, Heap::init, Heap::init_from_slice, Locke...

linked-list-allocator 缓冲区错误漏洞

linked-list-allocator is a linked-list allocator codebase open-sourced by Rust OSDev. A buffer error vulnerability exists in linked-list-allocator prior to version 0.10.2, which stems from the heap initialization method lacking a minimum size check for a given heap size parameter, which could...

OSV-2022-794 Heap-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50629 Crash type: Heap-buffer-overflow READ 5 Crash state: std::1::basicstring, std::1::allocatorch Exiv2::QuickTimeVideo::previewTagDecoder Exiv2::QuickTimeVideo::tagDecoder...

PT-2022-7538 · Hdf5 +4 · Hdf5 +4

Name of the Vulnerable Software and Affected Versions: HDF5 versions prior to 1.14.4 Description: The issue is related to a stack buffer overflow in the H5FL arr malloc function, which can lead to denial of service or potential code execution. This may allow an attacker to impact the...

CVE-2022-36153

tifig v0.2.2 was discovered to contain a segmentation violation via std::vector ::size const at /bits/stlvector.h...

CVE-2022-36153

tifig v0.2.2 was discovered to contain a segmentation violation via std::vector ::size const at /bits/stlvector.h...

artemidefreightallocator.fr Cross Site Scripting vulnerability OBB-2838718

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PT-2022-14608 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write due to an integer overflow in the AllocateInternalBuffers function of g3aa buffer allocator.cc. This could lead to local escalation of privilege with no...

Unbounded memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

CVE-2022-31146

Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will...