4 matches found
CVE-2022-39394
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the wasmtimetrapcode does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to...
CVE-2022-39394
CVE-2022-39394 affects Wasmtime prior to 2.0.2: a mismatch in the wasmtime_trap_code C API implementation can cause a 4-byte write into a 1-byte caller buffer, writing three zero bytes beyond the provided location. The issue is fixed in Wasmtime 2.0.2. Workaround: cast a 4-byte buffer to a 1-byte...
CVE-2022-39394 wasmtime_trap_code C API function has out of bounds write vulnerability
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the wasmtimetrapcode does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39394 via wasmtime (>=0.10.0 <=12.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39394 Source advisory: OSV:RUSTSEC-2022-0097...