Lucene search
K

69 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 6:43 p.m.4 views

CVE-2026-34946

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture...

5.9CVSS6AI score0.00358EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 6:32 p.m.23 views

CVE-2026-34942 Wasmtime panics when transcoding misaligned utf-16 strings

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

5.9CVSS0.00354EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 6:32 p.m.24 views

CVE-2026-34942

Wasmtime VM exposes a DoS risk due to a panic-triggering path when transcoding strings into utf16/latin1+utf16. Root cause: alignment verification for reallocated strings was improper, allowing unaligned pointers to be passed to the host by a malicious guest. Affected versions prior to fixed rele...

6.5CVSS5.9AI score0.00354EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/09 12:0 p.m.3 views

RUSTSEC-2026-0089 Host panic when Winch compiler executes `table.fill`

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw For more information see the GitHub-hosted security advisory...

5.9CVSS5.8AI score0.00358EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.3 views

PT-2026-31681

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 Description Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings did not properly verify the alignment of reallocated strings...

6.5CVSS5.7AI score0.00354EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31687

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture...

5.9CVSS6AI score0.00358EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

wasmtime 输入验证错误漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the improper validation of the alignment of reallocated...

6.5CVSS5.7AI score0.00354EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/04/09 12:0 a.m.7 views

tree-sitter-cli -- Always-Incorrect Control Flow Implementation in wasmtime crate

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw reports: Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result ...

7.5CVSS5.5AI score0.00358EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's...

6.5CVSS5.5AI score0.00354EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/24 8:47 p.m.13 views

Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion

Impact Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested by the guests. This serves as a Denial of Service vector where a guest can induce a range of...

6.9CVSS6AI score0.00345EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-10615

Malware in sbrugna...

6.5CVSS6.7AI score0.00464EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-21918

Malicious code in bioql PyPI...

3.5CVSS6.3AI score0.00299EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2025/07/24 11:22 p.m.3 views

SUSE CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS6.8AI score0.00299EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/20 12:0 a.m.4 views

FreeBSD : libwasmtime -- host panic with fd_renumber WASIp1 function (605a9d1e-6521-11f0-beb2-ac5afc632ba3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 605a9d1e-6521-11f0-beb2-ac5afc632ba3 advisory. WasmTime development team reports: A bug in Wasmtime's implementation of the WASIp1 set of import...

3.5CVSS5.5AI score0.00299EPSS
Exploits0References3
OSV
OSV
added 2025/07/18 7:50 p.m.4 views

GHSA-FM79-3F68-H2FC Wasmtime CLI is vulnerable to host panic through its fd_renumber function

Summary A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling fdrenumber with either: - two equal argument values - second argument being equal...

3.5CVSS6.4AI score0.00299EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2025/07/18 7:50 p.m.7 views

Wasmtime CLI is vulnerable to host panic through its fd_renumber function

Summary A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling fdrenumber with either: - two equal argument values - second argument being equal...

3.5CVSS6.5AI score0.00299EPSS
Exploits0References12Affected Software2
OSV
OSV
added 2025/07/18 6:15 p.m.2 views

DEBIAN-CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS5.4AI score0.00299EPSS
Exploits0References1
OSV
OSV
added 2025/07/18 6:15 p.m.6 views

UBUNTU-CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS5.8AI score0.00299EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/07/18 5:10 p.m.12 views

CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS0.00299EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/18 5:10 p.m.5 views

CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS6.7AI score0.00299EPSS
Exploits0References5
Rows per page
Query Builder