CVE-2022-23636Access of Uninitialized Pointer in Wasmtime

CWE-824Access of Uninitialized Pointer7 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 59.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Bytecodealliance WasmtimeBytecodealliance Cranelift-codegenDebian Rust-wasmtime
Timeline
PublishedFeb 16
Latest updateJul 21

Description

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will result in an invalid drop of a `VMExternRef` via an uninitialized pointer. A number of conditions listed in the GitHub Security Advisory must be true in order for an instance to be vulnerable to this issue. Maintainers believe that t

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages5 packages

CVEListV5bytecodealliance/wasmtime< 0.33.0+1
crates.iobytecodealliance/wasmtime0.0.0-00.38.2+4

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
Cranelift vulnerable to miscompilation of constant values in division on AArch642022-07-21
OSV
Miscompilation of constant values in division on AArch642022-07-05
OSV
Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator2022-02-17
GHSA
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals2022-02-16
OSV
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals2022-02-16

📋Vendor Advisories

1
Debian
CVE-2022-23636: rust-wasmtime - Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.3...2022