4 matches found
CVE-2022-24791
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption it is disabled by default...
CVE-2022-24791
The CVE refers to Wasmtime (WebAssembly JIT runtime using Cranelift) with a use-after-free vulnerability that occurs when running Wasm code using externrefs while epoch interruption is enabled. The issue is caused by Cranelift failing to emit stack maps for safepoints inside cold blocks, which re...
wasmtime-cli (>=0.35.0 <=0.35.1) potentially affected by CVE-2022-24791 via wasmtime (>=0.35.0 <=0.35.1)
wasmtime CARGO version =0.35.0, =0.35.0, =0.35.1 Source cves: CVE-2022-24791 Source advisory: OSV:RUSTSEC-2022-0099...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +47 more potentially affected by CVE-2022-24791 via wasmtime (>=0.10.0 <=0.34.1)
wasmtime CARGO version =0.10.0, =0.1.0, =0.0.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.1.0, =0.3.3, =0.1.0, =0.8.0, =0.8.0, =0.9.0 and more Source cves: CVE-2022-24791 Source advisory: OSV:RUSTSEC-2022-0099...