37 matches found
SUSE CVE-2026-34988
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...
CVE-2026-34988
A flaw was found in Wasmtime, a runtime for WebAssembly. When Wasmtime's pooling allocator is configured with specific settings, it fails to properly reset virtual memory permissions. This oversight allows a malicious WebAssembly instance to read sensitive data from the linear memory of a...
EUVD-2026-21033
Wasmtime has data leakage between pooling allocator instances...
Wasmtime has data leakage between pooling allocator instances
Impact Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the virtual memory permissions for linear memory used the wrong predicate to determin...
GHSA-6WGR-89RJ-399P Wasmtime has data leakage between pooling allocator instances
Impact Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the virtual memory permissions for linear memory used the wrong predicate to determin...
DEBIAN-CVE-2026-34988
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...
CVE-2026-34988
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...
UBUNTU-CVE-2026-34988
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...
CVE-2026-34988
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...
CVE-2026-34988 Wasmtime leaks data between pooling allocator instances
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...
CVE-2026-34988
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...
CVE-2026-34988
Summary: CVE-2026-34988 affects Wasmtime’s pooling allocator. In certain configurations, when embedding allows specific settings, memory contents can leak between linear memories across WebAssembly instances, breaking Wasmtime’s sandbox. The issue stems from incorrect VM-permission reset logic in...
Data leakage between pooling allocator instances
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-6wgr-89rj-399p For more information see the GitHub-hosted security advisory...
RUSTSEC-2026-0088 Data leakage between pooling allocator instances
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-6wgr-89rj-399p For more information see the GitHub-hosted security advisory...
PT-2026-31691
Name of the Vulnerable Software and Affected Versions Wasmtime versions 28.0.0 through 36.0.6, 42.0.2 and 43.0.1 Description Wasmtime's pooling allocator implementation contains a flaw where linear memory contents can leak between WebAssembly instances under specific configurations. This occurs d...
Linux Distros Unpatched Vulnerability : CVE-2026-34988
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where...
EUVD-2022-0913
Malicious code in bioql PyPI...
EUVD-2022-7455
Malicious code in bioql PyPI...
CVE-2022-39393
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...
GHSA-WH6W-3828-G9QF Wasmtime may have data leakage between instances in the pooling allocator
Impact There is a bug in Wasmtime's implementation of it's pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. The pooling instance allocator in Wasmtime works by...