Wasmtime@* Security Vulnerabilities and Issues — Wasmtime@* CVE List

Lucene search

BytecodeallianceWasmtime*

8 matches found

CVE•added 2022/02/16 10:15 p.m.•75 views

CVE-2022-23636

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a VME...

8.1CVSS6.5AI score0.00174EPSS

CVE•added 2022/06/28 12:15 a.m.•70 views

CVE-2022-31104

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bug...

6.8CVSS5.6AI score0.00641EPSS

CVE•added 2022/03/31 11:15 p.m.•67 views

CVE-2022-24791

Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default)...

9.8CVSS9.1AI score0.00373EPSS

CVE•added 2022/07/21 4:15 a.m.•64 views

CVE-2022-31146

Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will mistakenl...

8.8CVSS7.5AI score0.00141EPSS

CVE•added 2022/07/22 4:15 a.m.•61 views

CVE-2022-31169

Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only aff...

7.5CVSS6.8AI score0.00147EPSS

CVE•added 2022/11/10 8:15 p.m.•55 views

CVE-2022-39393

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to...

8.6CVSS8.4AI score0.00095EPSS

CVE•added 2022/11/10 8:15 p.m.•53 views

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping...

7.4CVSS6.4AI score0.00078EPSS

CVE•added 2022/11/10 8:15 p.m.•50 views

CVE-2022-39394

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the wasmtime_trap_code does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to...

9.8CVSS6.8AI score0.00041EPSS