6 matches found
CVE-2026-54786
Summary: CVE-2026-54786 affects Wasmtime’s native WASIp1 implementation. The leak occurs in the fd_renumber path where the destination file descriptor is not properly closed, causing host-side resource and file descriptor leaks. The bug only affects runtimes that load core wasm modules and expose...
CVE-2026-54786
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...
EUVD-2025-21918
Malicious code in bioql PyPI...
Wasmtime CLI is vulnerable to host panic through its fd_renumber function
Summary A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling fdrenumber with either: - two equal argument values - second argument being equal...
CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...
CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...