CVE-2021-32629

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...

CVE-2024-51745

Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...

CVE-2024-51745

Wasmtime on Windows had a sandbox bypass where filenames with superscript digits (e.g., COM¹, LPT⁰) were not blocked, allowing untrusted Wasm code with filesystem access to reach devices and peripherals via special device filenames. Affected software: Wasmtime’s Windows filesystem sandbox. Root c...

CVE-2024-51745

Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...

GHSA-4MQ4-7RW3-VM5J Wasmer filesystem sandbox not enforced

Summary As of Wasmer version v4.2.3, Wasm programs can access the filesystem outside of the sandbox. Details https://github.com/wasmerio/wasmer/issues/4267 PoC A minimal Rust program: fn main let f = std::fs::OpenOptions::new .writetrue .createnewtrue .open"abc" .unwrap; This should be compiled...