CVE-2021-39218Out-of-bounds Read in Wasmtime

CWE-125Out-of-bounds ReadCWE-590Free of Memory not on the HeapCWE-787Out-of-bounds Write10 documents4 sources
Severity
6.3MEDIUMNVD
EPSS
0.2%
top 60.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Bytecodealliance WasmtimeFedoraproject FedoraDebian Rust-wasmtime
Timeline
PublishedSep 17
Latest updateSep 20

Description

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages5 packages

NVDbytecodealliance/wasmtime0.26.00.30.0
PyPIbytecodealliance/wasmtime0.26.00.30.0+4
crates.iobytecodealliance/wasmtime0.0.0-00.30.0+2
CVEListV5bytecodealliance/wasmtime>= 0.26.0, <= 0.29.0

Also affects: Fedora 34, 35

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

8
GHSA
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime2021-09-20
OSV
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime2021-09-20
OSV
Use after free passing `externref`s to Wasm in Wasmtime2021-09-20
OSV
Wrong type for `Linker`-define functions when used across two `Engine`s2021-09-20
OSV
Multiple Vulnerabilities in Wasmtime2021-09-17

📋Vendor Advisories

1
Debian
CVE-2021-39218: rust-wasmtime - Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from vers...2021