Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/04/09 8:22 p.m.12 views

Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64

On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages...

5.7CVSS5.9AI score0.00227EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/09 8:22 p.m.4 views

GHSA-QQFJ-4VCM-26HV Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64

On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages...

5.7CVSS5.9AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/01/27 7:16 p.m.9 views

AZL-75536 CVE-2026-24116 affecting package rust 1.90.0-3

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.6AI score0.00214EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/27 7:16 p.m.5 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References12
EUVD
EUVD
added 2026/01/27 6:58 p.m.5 views

EUVD-2026-4773

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

4.1CVSS5.8AI score0.00214EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:58 p.m.5 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

4.1CVSS5.8AI score0.00214EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-4857

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 36.0.5 Wasmtime versions 36.0.5 through 40.0.2 Wasmtime versions 40.0.3 through 41.0.0 Wasmtime versions 41.0.1 Description A flaw in Wasmtime's Cranelift compiler can lead to a host-level segmentation fault when...

5.5CVSS5.9AI score0.00214EPSS
Exploits0References23
Rows per page
Query Builder