CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1000 matches found

RustSec•added 2022/02/17 12:0 p.m.•2 views

Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-88xq-w8cq-xfg7. For more information see the GitHub-hosted security advisory...

8.1CVSS7AI score0.00184EPSS

Exploits1Affected Software1

OSV•added 2022/02/17 12:0 p.m.•0 views

RUSTSEC-2022-0096 Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

8.1CVSS5.9AI score0.00425EPSS

Exploits1References3

Github Security Blog•added 2022/02/16 10:35 p.m.•22 views

Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals

Impact There exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a VMExternRef via an uninitialized pointer. As instance slots may be reused between...

8.1CVSS1AI score0.00184EPSS

Exploits1References5Affected Software1

OSV•added 2022/02/16 10:35 p.m.•3 views

GHSA-88XQ-W8CQ-XFG7 Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals

5.1CVSS7.4AI score0.00425EPSS

Exploits1References5

Prion•added 2022/02/16 10:15 p.m.•8 views

Default configuration

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

7.1CVSS8AI score0.00184EPSS

Exploits1References2Affected Software1

Cvelist•added 2022/02/16 10:0 p.m.•14 views

CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime

5.1CVSS8.2AI score0.00184EPSS

Exploits1References2

OSV•added 2022/02/16 10:0 p.m.•16 views

CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime

5.1CVSS7.5AI score0.00425EPSS

Exploits1References4

Debian CVE•added 2022/02/16 10:0 p.m.•7 views

CVE-2022-23636

8.1CVSS7.9AI score0.00184EPSS

Exploits1

CNNVD•added 2022/02/16 12:0 a.m.•2 views

Wasmtime 缓冲区错误漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from a bug in Wasmtime's pooled instance allocator, where failure to instantiate an instance for a module that defines an...

8.1CVSS7.9AI score0.00184EPSS

Exploits1References4

OSV•added 2022/02/09 11:53 p.m.•0 views

GHSA-9C78-VCQ7-7VXQ Out of bounds write in TFLite

Impact An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. Patches We have patched t...

8.8CVSS7.2AI score0.00175EPSS

Exploits0References6

Github Security Blog•added 2022/02/09 11:53 p.m.•35 views

Out of bounds write in TFLite

8.8CVSS3.5AI score0.00175EPSS

Exploits0References6Affected Software3

NVD•added 2022/02/04 11:15 p.m.•15 views

CVE-2022-23561

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS0.00175EPSS

Exploits0References2

OSV•added 2022/02/04 11:15 p.m.•0 views

PYSEC-2022-125

8.8CVSS7.3AI score0.00175EPSS

Exploits0References2