9 matches found
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +57 more potentially affected by CVE-2023-26489 via wasmtime (>=0.37.0 <=3.0.1)
wasmtime CARGO version =0.37.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.3, =0.5.0, =0.5.1, =0.0.1, =0.0.1, =0.0.6, =0.1.0, =0.2.1 - linera-wit-bindgen-gen-host-wasmtime-rust =0.2.0 - linera-wit-bindgen-host-wasmtime-rust =0.2.0 and more Source cves: CVE-2023-26489 Source...
barfs (=0.1.2), cranefack (=0.4.1) +48 more potentially affected by CVE-2023-26489 via cranelift-codegen (>=0.84.0 <=0.90.1)
cranelift-codegen CARGO version =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =0.84.0, =10.0.0, =10.0.0, =17.0.0 and more Source cves: CVE-2023-26489 Source advisory: OSV:GHSA-FF4P-7XRQ-Q5R8...
CVE-2023-26489 vulnerabilities
Vulnerabilities for packages: wasmtime, zellij...
CVE-2023-26489 vulnerabilities
Vulnerabilities for packages: wasmtime, zellij...
CVE-2023-26489
Summary of CVE-2023-26489 (wasmtime/Cranelift): In x86_64, Cranelift’s address-mode computation could extend a 32-bit WebAssembly address to 64 bits, producing an effective address up to 35 bits away from linear memory. With default codegen, this allowed wasm-controlled loads/stores to read/write...
CVE-2023-26489 Guest-controlled out-of-bounds read/write on x86_64 in wasmtime
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +110 more potentially affected by CVE-2023-26489 via wasmtime (>=0.10.0 <=3.0.1)
wasmtime CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.0.1, =0.0.1, =0.5.5 and more Source cves: CVE-2023-26489 Source advisory: OSV:RUSTSEC-2023-0090...