Lucene search
+L
BytecodeallianceWasmtime

7 matches found

CVE
CVE
added 2024/04/04 3:42 p.m.314 views

CVE-2024-30266

CVE-2024-30266 affects the Wasmtime WebAssembly runtime. The 19.0.0 release contained a regression that can cause a guest WebAssembly module to panic the host runtime when executed, potentially impacting host stability. The issue is addressed in Wasmtime 19.0.1. Multiple sources (NVD/NIST entry, ...

5.5CVSS3.6AI score0.00318EPSS
CVE
CVE
added 2024/10/09 6:3 p.m.295 views

CVE-2024-47763

The CVE-2024-47763 issue affects Wasmtime’s WebAssembly runtime, where tail-call support combined with stack traces can trigger a crash. Root cause: when a WebAssembly function uses return_call/return_call_indirect/return_call_ref to a host function that captures a stack trace, the stack-walking ...

5.5CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2023/09/15 7:43 p.m.71 views

CVE-2023-41880

CVE-2023-41880 affects Wasmtime on x86_64 where a miscompilation of the WebAssembly i64x2.shr_s instruction occurs for constant shift amounts greater than 32. Versions 10.0.0 through 10.0.2, 11.0.2, and 12.0.1 contain the issue; patch versions 10.0.2, 11.0.2, and 12.0.2 fix it (11.0.2 and 12.0.2 ...

5.3CVSS4.7AI score0.00605EPSS
CVE
CVE
added 2026/04/09 6:47 p.m.30 views

CVE-2026-34983

Wasmtime 43.0.0 contains a use-after-free bug when cloning wasmtime::Linker, triggered by a specific host embedder API sequence (clone, drop original, use cloned linker). The issue is not controllable by guest Wasm programs and can manifest as a segfault; it does not enable heap corruption or dat...

5CVSS5.9AI score0.00117EPSS
CVE
CVE
added 2026/07/01 8:12 p.m.22 views

CVE-2026-54786

Wasmtime’s native WASIp1 fd_renumber implementation leaks host resources because the guest-facing fd_renumber updates only the WASIp1 descriptor table, not the host’s underlying table. This affects wasm runtimes that expose fd_renumber and allow file descriptors; affected versions include all pri...

5CVSS5.7AI score0.00217EPSS
CVE
CVE
added 2026/01/27 6:58 p.m.17 views

CVE-2026-24116

CVE-2026-24116 affects Wasmtime (WebAssembly runtime) on x86-64 with AVX. The Cranelift-based compilation of the f64.copysign instruction may load 8 bytes too many, potentially causing an uncaught segfault when signals-based-traps are disabled and loading from guard pages occurs. Affected version...

5.5CVSS5.8AI score0.00214EPSS
CVE
CVE
added 2026/04/09 6:38 p.m.15 views

CVE-2026-34944

Wasmtime (WebAssembly runtime) prior to versions 24.0.7, 36.0.7, 42.0.2, and 43.0.1 on x86-64 with SSE3 disabled could compile f64x2.splat via Cranelift in a way that loads 8 extra bytes. When signals-based traps are disabled this may cause an uncaught segfault from unmapped guard pages. With gua...

5.7CVSS5.9AI score0.00227EPSS