CVE-2022-39392: Improper Restriction of Operations within the Bounds of a Memory Buffer in Wasmtime

Severity: 7.4 HIGH (NVD)
EPSS: 0.2% (top 58.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2022-11-10

Description

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime's default settings require virtual memory page faults to indic

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages (4 packages)

Source      Package                    Affected versions
CVEListV5   bytecodealliance/wasmtime  < 2.0.2
NVD         bytecodealliance/wasmtime  >= 2.0.0, < 2.0.2 (+1 more range)
crates.io   bytecodealliance/wasmtime  >= 0.0.0-0, < 1.0.2 (+2 more ranges)
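As an added example (not code from the Wasmtime project or from this page), the following Python script checks a Cargo.lock for pinned wasmtime builds that fall inside the affected ranges listed above. The ranges are taken from the affected-packages table (>= 0.0.0-0, < 1.0.2 and >= 2.0.0, < 2.0.2); the table collapses some entries, so treating those two ranges as the complete set is my assumption. The sample lockfile is constructed inline and the function names are my own.

```python
"""Check a Cargo.lock for wasmtime versions inside the affected ranges of
CVE-2022-39392.  Added example; not code from the Wasmtime project."""
import re
import sys

# Affected ranges from this page's affected-packages table: lower bound
# inclusive, upper bound exclusive. The table collapses some entries,
# so treating these two ranges as the complete set is an assumption.
AFFECTED_RANGES = [
    ("0.0.0-0", "1.0.2"),
    ("2.0.0", "2.0.2"),
]

SEMVER_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?"
)

# Cargo.lock writes each dependency as a [[package]] table with `name`
# directly followed by `version`.
PACKAGE_RE = re.compile(r'\[\[package\]\]\nname = "([^"]+)"\nversion = "([^"]+)"')


def version_key(text):
    """Sort key (major, minor, patch, is_release) for a semver string.

    A pre-release such as 1.0.2-rc1 orders before the 1.0.2 release, so it
    still counts as "< 1.0.2"; build metadata after '+' is ignored.
    """
    m = SEMVER_RE.fullmatch(text)
    if not m:
        raise ValueError(f"not a semver version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def is_affected(version):
    """True if `version` lies inside any affected range."""
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def find_affected(lockfile_text, package="wasmtime"):
    """Return [(name, version)] for every pinned build of `package` that is
    affected. A lockfile can pin several versions of one crate at once when
    different dependencies require different majors, so all are checked."""
    return [
        (name, version)
        for name, version in PACKAGE_RE.findall(lockfile_text)
        if name == package and is_affected(version)
    ]


# Constructed sample lockfile (not from a real project): two affected pins,
# one fixed pin, and a differently named crate that must not match.
SAMPLE_CARGO_LOCK = """\
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "wasmtime"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "wasmtime"
version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "wasmtime"
version = "2.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "wasmtime-jit"
version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
"""


def main(argv):
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_CARGO_LOCK
    hits = find_affected(text)
    for name, version in hits:
        print(f"{name} {version}: inside an affected range of CVE-2022-39392")
    if not hits:
        print("no affected wasmtime versions pinned")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_wasmtime_lock.py path/to/Cargo.lock`; with no argument it checks the constructed sample. A hit means the pinned build predates the fix, which is what the 1.0.2 and 2.0.2 upper bounds encode; whether the embedding is actually exposed also depends on the pooling-allocator configuration described above (a maximum of zero memory pages), which a lockfile cannot tell you.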

Patches

Vulnerability Details (5)

OSV: Bug in Wasmtime implementation of pooling instance allocator (2022-11-10)
OSV: Wasmtime out of bounds read/write with zero-memory-pages configuration (2022-11-10)
GHSA: Wasmtime out of bounds read/write with zero-memory-pages configuration (2022-11-10)
OSV: CVE-2022-39392: Wasmtime is a standalone runtime for WebAssembly (2022-11-10)
OSV: Out of bounds read/write with zero-memory-pages configuration (2022-11-05)

Vendor Advisories (1)

Debian: CVE-2022-39392: rust-wasmtime - Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there ... (2022)