464 matches found
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime
...
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
PT-2025-49851
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6 Description The JavaScript Engine contains a JIT miscompilation issue within its JIT component. This can lead to potential problems during...
PT-2025-49852
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 140.6 Thunderbird versions prior to 146 Thunderbird versions prior to 140.6 Description The JavaScript Engine contains a JIT miscompilation issue within the JIT component. This relate...
OPENSUSE-SU-2024:0201-1 Security update for Botan
This update for Botan fixes the following issues: Update to 2.19.5: Fix multiple Denial of service attacks due to X.509 cert processing: CVE-2024-34702 - boo1227238 CVE-2024-34703 - boo1227607 CVE-2024-39312 - boo1227608 Fix a crash in OCB Fix a test failure in compression with certain versions o...
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So if this function is covered by any testing the miscompile is most likely to be discovered before the binary is shipped to production."
...
Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
The Mozilla Foundation Security Advisory describes this flaw as: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection...
Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
The Mozilla Foundation Security Advisory describes this flaw as: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection...
RUSTSEC-2023-0078 Potential stack use-after-free in `Instrumented::into_inner`
The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
Design/Logic Flaw
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
UBUNTU-CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880
CVE-2023-41880 affects Wasmtime on x86_64 where a miscompilation of the WebAssembly i64x2.shr_s instruction occurs for constant shift amounts greater than 32. Versions 10.0.0 through 10.0.2, 11.0.2, and 12.0.1 contain the issue; patch versions 10.0.2, 11.0.2, and 12.0.2 fix it (11.0.2 and 12.0.2 ...
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Impact Wasmtime versions from 10.0.0 to 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so all other targets are not affected by this. The miscompilation results i...
GHSA-GW5P-Q8MJ-P7GH Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Impact Wasmtime versions from 10.0.0 to 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so all other targets are not affected by this. The miscompilation results i...
RUSTSEC-2023-0091 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86\_64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh. For more information see the GitHub-hosted security advisory...