3 matches found
memquery (=0.1.1), nmigen-yosys (>=0.9.0.post3527.dev26 <=0.9.0.post3746.dev31) +13 more potentially affected by CVE-2021-32629 via wasmtime (>=0.18.2 <=0.25.0)
wasmtime PYPI version =0.18.2, =0.9.0.post3527.dev26, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2625.dev9, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1, =0.0.0.post2616.dev1,...
CVE-2021-32629
Cranelift’s x64 backend bug in 0.73 (and certain earlier builds when the new backend is explicitly selected) can sign-extend a loaded i32 value, potentially enabling sandbox escapes in Wasm modules and exposing memory up to 2 GiB before the heap. Wasmtime and Lucet using Cranelift may be exploita...
aquamarine-vm (>=0.1.0 <=0.5.2), ashpaper-plus (>=0.5.0 <=0.5.1) +140 more potentially affected by CVE-2021-32629 via cranelift-codegen (>=0.14.0 <=0.72.0)
cranelift-codegen CARGO version =0.14.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.2.9, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.26.1, =0.13.2, =0.8.0, =0.14.0, =0.14.0, =0.66.0 and more Source cves: CVE-2021-32629 Source advisory: OSV:RUSTSEC-2021-0067...