CVE-2022-39393
published 2022-11-10
CVE-2022-39393: Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance…
Priority: P3 · 44 · high · CVSS 3.1: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.66% (46.8th percentile)
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator: when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling `memory-init-cow`.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bytecodealliance | wasmtime | < 1.0.2 | 1.0.2 |
| bytecodealliance | wasmtime | — | — |
| bytecodealliance | wasmtime | >= 0 < 1.0.2 | 1.0.2 |
| bytecodealliance | wasmtime | >= 0.0.0-0 < 1.0.2 | 1.0.2 |
| bytecodealliance | wasmtime | >= 2.0.0 < 2.0.2 | 2.0.2 |
| bytecodealliance | wasmtime | >= 2.0.0 < 2.0.2 | 2.0.2 |
| debian | rust-wasmtime | — | — |
CVSS provenance
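| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| osv | — | 8.6 | HIGH | — |
| vendor_debian | — | 8.6 | LOW | — |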
OSV
Bug in pooling instance allocator
osv·2022-11-10
CVE-2022-39393 Bug in pooling instance allocator
There is a bug in Wasmtime's implementation of its pooling instance allocator: when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance.
Mitigations are described [here](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf).
OSV
Wasmtime may have data leakage between instances in the pooling allocator
osv·2022-11-10
CVE-2022-39393 [HIGH] Wasmtime may have data leakage between instances in the pooling allocator
### Impact
There is a bug in Wasmtime's implementation of its pooling instance allocator: when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance. The pooling instance allocator in Wasmtime works by preallocating virtual memory for a fixed number of instances to reside in, and new instantiations then pick a slot to use. Most conventional modules additionally have an initial copy-on-write "heap image", which Wasmtime maps into the linear memory slot. When a heap slot is deallocated, Wasmtime resets all of its contents back to the initial state but it does not unmap the image in case the next instance is an instant
OSV
CVE-2022-39393: Wasmtime is a standalone runtime for WebAssembly
osv·2022-11-10·CVSS 8.6
CVE-2022-39393 [HIGH] CVE-2022-39393: Wasmtime is a standalone runtime for WebAssembly
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator: when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling `memory-init-cow`.
GHSA
Wasmtime may have data leakage between instances in the pooling allocator
ghsa·2022-11-10
CVE-2022-39393 [HIGH] CWE-212 Wasmtime may have data leakage between instances in the pooling allocator
### Impact
There is a bug in Wasmtime's implementation of its pooling instance allocator: when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance. The pooling instance allocator in Wasmtime works by preallocating virtual memory for a fixed number of instances to reside in, and new instantiations then pick a slot to use. Most conventional modules additionally have an initial copy-on-write "heap image", which Wasmtime maps into the linear memory slot. When a heap slot is deallocated, Wasmtime resets all of its contents back to the initial state but it does not unmap the image in case the next instance is an instant
OSV
Data leakage between instances in the pooling allocator
osv·2022-11-05
CVE-2022-39393 Data leakage between instances in the pooling allocator
This is an entry in the RustSec database for the Wasmtime security advisory
located at
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf.
For more information see the GitHub-hosted security advisory.
Debian
CVE-2022-39393: rust-wasmtime - Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1....
vendor_debian·2022·CVSS 8.6
CVE-2022-39393 [HIGH] CVE-2022-39393: rust-wasmtime - Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1....
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator: when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can erroneously be visible to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling `memory-init-cow`.
Scope: local
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf