Lucene search
+L
BytecodeallianceWasmtime

5 matches found

CVE
CVE
added 2022/02/16 10:0 p.m.94 views

CVE-2022-23636

CVE-2022-23636 affects Wasmtime prior to 0.34.1 and 0.33.1, due to a bug in the pooling instance allocator that can cause an invalid drop of a VMExternRef when a module defines an externref global and instance creation fails. The vulnerability depends on specific conditions (e.g., mprotect/Virtua...

8.1CVSS6.5AI score0.00772EPSS
CVE
CVE
added 2022/07/20 10:30 p.m.86 views

CVE-2022-31146

CVE-2022-31146 affects Wasmtime (Cranelift) in the migration to the regalloc2 allocator (Wasmtime 0.37.0). The bug may cause metadata for reference-typed functions to be missing during GC, making the GC pass think there are no live references, leading to use-after-free when values are later acces...

8.8CVSS7.5AI score0.01111EPSS
CVE
CVE
added 2022/11/10 12:0 a.m.72 views

CVE-2022-39393

Wasmtime vulnerability CVE-2022-39393: prior to versions 2.0.2 and 1.0.2, a bug in the pooling instance allocator can cause the initial heap snapshot of a prior instance to be visible to the next instance when reusing linear memory. This data leakage between instances can lead to information expo...

8.6CVSS8.4AI score0.00657EPSS
CVE
CVE
added 2023/04/27 4:56 p.m.64 views

CVE-2023-30624

Wasmtime CVE-2023-30624 concerns an LLVM-level undefined behavior in per-instance state management (VMContext) of the Wasmtime runtime. The issue occurs in Wasmtime versions prior to 6.0.2, 7.0.1, and 8.0.1 and arises when unsafe code mutates VMContext data via methods using &self, which can lead...

8.8CVSS6.7AI score0.0045EPSS
CVE
CVE
added 2026/04/09 6:29 p.m.27 views

CVE-2026-34941

Wasmtime (WebAssembly runtime) contains a heap OOB read during transcoding of UTF-16 to the latin1+utf16 component-model encoding. The bug stems from validating the input length by code units instead of by byte length, causing reads beyond the WebAssembly linear memory during bounds checking. In ...

8.1CVSS5.9AI score0.00376EPSS