Lucene search
K

37 matches found

Github Security Blog
Github Security Blog
added 2022/11/10 9:16 p.m.18 views

Wasmtime may have data leakage between instances in the pooling allocator

Impact There is a bug in Wasmtime's implementation of it's pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. The pooling instance allocator in Wasmtime works by...

8.6CVSS8.3AI score0.00657EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2022/11/10 8:15 p.m.59 views

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

7.4CVSS0.00577EPSS
Exploits0References2
Prion
Prion
added 2022/11/10 8:15 p.m.14 views

Out-of-bounds

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

4CVSS7.4AI score0.00577EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/11/10 8:15 p.m.1 views

UBUNTU-CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

7.4CVSS5.7AI score0.00577EPSS
Exploits0References4
RustSec
RustSec
added 2022/11/10 12:0 p.m.24 views

Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

7.4CVSS1AI score0.00577EPSS
Exploits0Affected Software1
CVE
CVE
added 2022/11/10 12:0 a.m.72 views

CVE-2022-39393

Wasmtime vulnerability CVE-2022-39393: prior to versions 2.0.2 and 1.0.2, a bug in the pooling instance allocator can cause the initial heap snapshot of a prior instance to be visible to the next instance when reusing linear memory. This data leakage between instances can lead to information expo...

8.6CVSS8.4AI score0.00657EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/10 12:0 a.m.7 views

CVE-2022-39393 Wasmtime vulnerable to data leakage between instances in the pooling allocator

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...

8.6CVSS8.4AI score0.00657EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/10 12:0 a.m.36 views

CVE-2022-39393 Wasmtime vulnerable to data leakage between instances in the pooling allocator

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...

8.6CVSS8.8AI score0.00657EPSS
Exploits0References2
OSV
OSV
added 2022/11/10 12:0 a.m.26 views

CVE-2022-39393 Wasmtime vulnerable to data leakage between instances in the pooling allocator

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously ...

8.6CVSS8.3AI score0.00657EPSS
Exploits0References4
OSV
OSV
added 2022/11/10 12:0 a.m.26 views

CVE-2022-39392 Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

5.9CVSS7.3AI score0.00577EPSS
Exploits0References4
RustSec
RustSec
added 2022/11/05 12:0 p.m.5 views

Data leakage between instances in the pooling allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...

8.6CVSS7AI score0.00657EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/11/05 12:0 p.m.6 views

RUSTSEC-2022-0098 Data leakage between instances in the pooling allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...

8.6CVSS8.4AI score0.00657EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/05 12:0 a.m.4 views

PT-2022-24952 · Wasmtime · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2 Description: There is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be...

8.6CVSS8.2AI score0.00657EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2022/11/05 12:0 a.m.3 views

PT-2022-24951 · Wasmtime · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2 Description: There is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuratio...

7.4CVSS7.3AI score0.00577EPSS
Exploits0References17
RustSec
RustSec
added 2022/02/17 12:0 p.m.6 views

Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-88xq-w8cq-xfg7. For more information see the GitHub-hosted security advisory...

8.1CVSS7AI score0.0076EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/02/17 12:0 p.m.6 views

RUSTSEC-2022-0096 Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-88xq-w8cq-xfg7. For more information see the GitHub-hosted security advisory...

8.1CVSS5.9AI score0.0076EPSS
Exploits1References3
OSV
OSV
added 2022/02/16 10:35 p.m.4 views

GHSA-88XQ-W8CQ-XFG7 Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals

Impact There exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a VMExternRef via an uninitialized pointer. As instance slots may be reused between...

5.1CVSS7.4AI score0.0076EPSS
Exploits1References5
Rows per page
Query Builder