RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

Bug in pooling instance allocator

bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. Mitigations are described here...

Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals

Impact There exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a VMExternRef via an uninitialized pointer. As instance slots may be reused between...

Default configuration

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...