Lucene search
+L
BytecodeallianceWasmtime

9 matches found

CVE
CVE
added 2021/09/17 8:10 p.m.113 views

CVE-2021-39218

Technical details about CVE-2021-39218 (affected Wasmtime versions 0.26.0–0.30.0, root cause, exploit paths, and fixes) are not provided in the supplied documents. Monitor for official disclosures and patches.

6.3CVSS6.5AI score0.003EPSS
CVE
CVE
added 2022/06/27 11:20 p.m.96 views

CVE-2022-31104

CVE-2022-31104 concerns Wasmtime’s x86_64 SIMD implementation. Two Cranelift lowering bugs affected i8x16.swizzle and select for v128 inputs: swizzle overwrote the mask input register, potentially corrupting a constant; and select incorrectly handled 128‑bit vectors when the condition was 0, movi...

6.8CVSS5.6AI score0.01625EPSS
CVE
CVE
added 2021/09/17 8:10 p.m.93 views

CVE-2021-39219

Technical details about CVE-2021-39219 are not publicly provided in the connected documents. Monitor for updates from official advisories; the supplied sources do not enumerate affected products/versions or fixes beyond the initial description.

6.3CVSS6.3AI score0.00361EPSS
CVE
CVE
added 2021/09/17 8:5 p.m.82 views

CVE-2021-39216

Wasmtime (pre-0.30.0) contains a use-after-free when passing multiple externref values from host to guest Wasm, potentially allowing a GC to reclaim the first externref and then reuse it after control returns to Wasm. Affected versions are 0.19.0–0.29.0; upgrading to Wasmtime 0.30.0 fixes the iss...

6.3CVSS6.4AI score0.00307EPSS
CVE
CVE
added 2026/04/09 6:52 p.m.46 views

CVE-2026-34988

Summary: CVE-2026-34988 affects Wasmtime’s pooling allocator. In certain configurations, when embedding allows specific settings, memory contents can leak between linear memories across WebAssembly instances, breaking Wasmtime’s sandbox. The issue stems from incorrect VM-permission reset logic in...

6.3CVSS5.9AI score0.00286EPSS
CVE
CVE
added 2026/04/09 6:32 p.m.30 views

CVE-2026-34942

Wasmtime VM exposes a DoS risk due to a panic-triggering path when transcoding strings into utf16/latin1+utf16. Root cause: alignment verification for reallocated strings was improper, allowing unaligned pointers to be passed to the host by a malicious guest. Affected versions prior to fixed rele...

6.5CVSS5.9AI score0.00354EPSS
CVE
CVE
added 2026/04/09 6:40 p.m.29 views

CVE-2026-34945

Wasmtime (Winch) vulnerability: a bug in the 64-bit memory64 table.size translation could disclose data from the host stack to WebAssembly guests. Affected builds range 25.0.0 through just before 36.0.7, 42.0.2, and 43.0.1. Root cause: return value of table.size was statically typed as 32‑bit ins...

6.5CVSS5.9AI score0.00324EPSS
CVE
CVE
added 2026/02/24 9:23 p.m.27 views

CVE-2026-27204

CVE-2026-27204 involves Wasmtime’s WASI host interfaces, where guest code could exhaust host resources due to insufficient limits on resource allocations. Affected versions prior to fixes include 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0. The fixes are released in Wasmtime 24.0.6, 36.0.6, 40.0.4...

6.9CVSS5.4AI score0.00345EPSS
CVE
CVE
added 2026/04/09 6:55 p.m.24 views

CVE-2026-35195

The CVE-2026-35195 vulnerability affects Wasmtime (WebAssembly runtime) where the guest component’s realloc return value is not validated during transcoding of component-model strings. This can allow a guest to cause the host to write arbitrary transcoded string bytes to an arbitrary address up t...

6.1CVSS6AI score0.00216EPSS