CVE-2026-34988

Summary: CVE-2026-34988 affects Wasmtime’s pooling allocator. In certain configurations, when embedding allows specific settings, memory contents can leak between linear memories across WebAssembly instances, breaking Wasmtime’s sandbox. The issue stems from incorrect VM-permission reset logic in...

wasmtime 缓冲区错误漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 36.0.7, 42.0.2, and 43.0.1 contained a buffer error vulnerability. This vulnerability stemmed from a flaw in the Winch compiler backend, which could allow guest Wasm access to host...

FreeBSD : mozilla -- 64 bit JIT WASM read on left over memroy (a93a1d2a-109d-11f0-8195-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a93a1d2a-109d-11f0-8195-b42e991fc52e advisory. [email protected] reports: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pic...

UBUNTU-CVE-2025-1933

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

USN-6703-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-2609, CVE-2024-2611,...

UBUNTU-CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...