8 matches found
CVE-2022-23636
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
abstraps (=0.1.8), aivm (>=0.2.0 <=0.3.0) +286 more potentially affected by CVE-2022-23636 +1 more via cranelift-codegen (>=0.14.0 <=0.84.0)
cranelift-codegen CARGO version =0.14.0, =0.2.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.2.9, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.26.1, =0.30.1 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:GHSA-7F6X-JWH5-M9R4...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +79 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.37.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.1.0, =0.1.7 - lunatic-common-api =0.9.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:GHSA-7F6X-JWH5-M9R4...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +43 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.33.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.3.3, =0.1.0, =0.8.0, =0.8.0, =0.9.0 - tc-executor-wasmtime =0.8.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:RUSTSEC-2022-0096...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +43 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.33.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.3.3, =0.1.0, =0.8.0, =0.8.0, =0.9.0 - tc-executor-wasmtime =0.8.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:GHSA-88XQ-W8CQ-XFG7...
CVE-2022-23636
CVE-2022-23636 affects Wasmtime prior to 0.34.1 and 0.33.1, due to a bug in the pooling instance allocator that can cause an invalid drop of a VMExternRef when a module defines an externref global and instance creation fails. The vulnerability depends on specific conditions (e.g., mprotect/Virtua...
CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
CVE-2022-23636
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...