44 matches found
CVE-2025-61670
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
EUVD-2025-32904
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
CVE-2025-61670 Wasmtime has memory leak in C API with `externref` and `anyref` types
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
CVE-2025-61670 Wasmtime has memory leak in C API with `externref` and `anyref` types
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
CVE-2025-61670
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
CVE-2025-61670 Wasmtime has memory leak in C API with `externref` and `anyref` types
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
CVE-2025-61670
CVE-2025-61670 affects Wasmtime 37.0.0 and 37.0.1, where memory leaks occur in the C/C++ API when using bindings for the WebAssembly values anyref/externref. The root cause is a Rust refactor changing ManuallyRooted to OwnedRooted and incomplete propagation of ownership semantics to the C/C++ API...
EUVD-2021-0464
Malware in sbrugna...
Wasmtime 安全漏洞
wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. A security vulnerability exists in Wasmtime version 37.0.0 and 37.0.1, which stems from a memory management flaw in the C/C++ API for anyref or externref values that could lead to a memory leak...
PT-2025-41158
Name of the Vulnerable Software and Affected Versions Wasmtime versions 37.0.0 through 37.0.1 Description Wasmtime, a runtime for WebAssembly, contains memory leaks within its C/C++ API when utilizing bindings for anyref or externref WebAssembly values. This issue stems from a regression introduc...
EUVD-2022-0913
Malicious code in bioql PyPI...
GHSA-75HQ-H6G9-H4Q5 Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Impact The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. The panic in question is caused when a...
OSV-2022-588 Heap-use-after-free in wasmtime_runtime::externref::gc::hcbc8e23ae41614fa
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49171 Crash type: Heap-use-after-free WRITE 8 Crash state: wasmtimeruntime::externref::gc::hcbc8e23ae41614fa wasmtimefuzzing::oracles::tableops::$u7b$$u7b$closure$u7d$$u7d$::hd207e5ffb69...
Use After Free with `externref`s in Wasmtime
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-5fhj-g3p3-pq9g. For more information see the GitHub-hosted security advisory...
Use after free in Wasmtime
There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption it is disabled by default then you are not affected. If you are explicitly disabling the Wasm referenc...
RUSTSEC-2022-0099 Use after free with `externref`s and epoch interruption in Wasmtime
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2. For more information see the GitHub-hosted security advisory...
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals
Impact There exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a VMExternRef via an uninitialized pointer. As instance slots may be reused between...
GHSA-88XQ-W8CQ-XFG7 Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals
Impact There exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a VMExternRef via an uninitialized pointer. As instance slots may be reused between...
Default configuration
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...