Wasmtime Security Vulnerabilities and Issues — Wasmtime CVE List

Lucene search

BytecodeallianceWasmtime

4 matches found

CVE•added 2022/06/28 12:15 a.m.•70 views

CVE-2022-31104

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bug...

6.8CVSS5.6AI score0.00641EPSS

CVE•added 2021/09/17 8:15 p.m.•69 views

CVE-2021-39219

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should n...

6.3CVSS6.3AI score0.00074EPSS

CVE•added 2021/09/17 9:15 p.m.•64 views

CVE-2021-39218

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger this ...

6.3CVSS6.5AI score0.00089EPSS

CVE•added 2021/09/17 8:15 p.m.•58 views

CVE-2021-39216

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a Was...

6.3CVSS6.4AI score0.00074EPSS