2114 matches found
CVE-2024-47813
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a wasmtime::Engine's internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption...
CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
PYSEC-2024-312
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
UBUNTU-CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
UBUNTU-CVE-2024-47813
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a wasmtime::Engine's internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption...
CVE-2024-47813 Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a wasmtime::Engine's internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption...
CVE-2024-47813
CVE-2024-47813 is a race-condition bug in Wasmtime where concurrent creation/dropping of types (e.g., FuncType, ArrayType) on a shared wasmtime::Engine can cause double-unregistration, potentially corrupting the internal type registry and violating WebAssembly CFI and type safety. The issue arise...
CVE-2024-47813 Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a wasmtime::Engine's internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption...
CVE-2024-47763
The CVE-2024-47763 issue affects Wasmtime’s WebAssembly runtime, where tail-call support combined with stack traces can trigger a crash. Root cause: when a WebAssembly function uses return_call/return_call_indirect/return_call_ref to a host function that captures a stack trace, the stack-walking ...
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
Wasmtime 安全漏洞
Wasmtime is a standalone WebAssembly and WASI-only wasm optimization runtime open-sourced by the Bytecode Alliance. A security vulnerability exists in Wasmtime. An attacker exploiting this vulnerability could cause denial of access...
RUSTSEC-2024-0439 Race condition could lead to WebAssembly control-flow integrity and type safety violations
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7qmx-3fpx-r45m. For more information see the GitHub-hosted security advisory...
Race condition could lead to WebAssembly control-flow integrity and type safety violations
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7qmx-3fpx-r45m. For more information see the GitHub-hosted security advisory...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.2.3 MFSA 2024-43 bsc1229821 CVE-2024-8394: Crash when aborting verification of OTR chat. CVE-2024-8385: WASM type confusion involving ArrayTypes. CVE-2024-8381: Type confusion when looking up a property name in...
mozilla: WASM type confusion involving ArrayTypes
The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...
mozilla: WASM type confusion involving ArrayTypes
The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...
mozilla: WASM type confusion involving ArrayTypes
The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability...