Wasmtime Security Vulnerabilities and Issues — Wasmtime CVE List

Lucene search

BytecodeallianceWasmtime

4 matches found

CVE•added 2021/09/17 8:15 p.m.•69 views

CVE-2021-39219

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should n...

6.3CVSS6.3AI score0.00074EPSS

CVE•added 2021/09/17 9:15 p.m.•64 views

CVE-2021-39218

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger this ...

6.3CVSS6.5AI score0.00089EPSS

CVE•added 2021/05/24 4:15 p.m.•62 views

CVE-2021-32629

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in ...

8.8CVSS7.8AI score0.00139EPSS

CVE•added 2021/09/17 8:15 p.m.•58 views

CVE-2021-39216

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a Was...

6.3CVSS6.4AI score0.00074EPSS