CVE-2021-39216Use After Free in Wasmtime

CWE-416Use After Free10 documents4 sources
Severity
6.3MEDIUMNVD
EPSS
0.2%
top 64.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Bytecodealliance WasmtimeFedoraproject FedoraDebian Rust-wasmtime
Timeline
PublishedSep 17
Latest updateSep 20

Description

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function de

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages5 packages

NVDbytecodealliance/wasmtime0.19.00.30.0
PyPIbytecodealliance/wasmtime0.26.00.30.0+4
crates.iobytecodealliance/wasmtime0.0.0-00.30.0+2
CVEListV5bytecodealliance/wasmtime>=0.19.0, <=0.29.0

Also affects: Fedora 34, 35

🔴Vulnerability Details

8
GHSA
Use after free passing `externref`s to Wasm in Wasmtime2021-09-20
OSV
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime2021-09-20
OSV
Use after free passing `externref`s to Wasm in Wasmtime2021-09-20
OSV
Wrong type for `Linker`-define functions when used across two `Engine`s2021-09-20
OSV
Multiple Vulnerabilities in Wasmtime2021-09-17

📋Vendor Advisories

1
Debian
CVE-2021-39216: rust-wasmtime - Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from vers...2021