CVE-2022-39394
published 2022-11-10CVE-2022-39394: Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the…
PriorityP348critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.32%
23.2th percentile
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bytecodealliance | wasmtime | < 2.0.2 | 2.0.2 |
| bytecodealliance | wasmtime | < 1.0.2 | 1.0.2 |
| bytecodealliance | wasmtime | >= 0 < 1.0.2 | 1.0.2 |
| bytecodealliance | wasmtime | >= 0.0.0-0 < 1.0.2 | 1.0.2 |
| bytecodealliance | wasmtime | >= 2.0.0 < 2.0.2 | 2.0.2 |
| bytecodealliance | wasmtime | >= 2.0.0 < 2.0.2 | 2.0.2 |
| debian | rust-wasmtime | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_debian3.8LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
wasmtime_trap_code C API function has out of bounds write vulnerability
ghsa·2024-02-01
CVE-2022-39394 [LOW] CWE-787 wasmtime_trap_code C API function has out of bounds write vulnerability
wasmtime_trap_code C API function has out of bounds write vulnerability
### Impact
There is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller.
### Patches
This bug has been patched and users should upgrade to Wasmtime 2.0.2.
### Workarounds
This can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasm
OSV
wasmtime_trap_code C API function has out of bounds write vulnerability
osv·2024-02-01
CVE-2022-39394 [LOW] wasmtime_trap_code C API function has out of bounds write vulnerability
wasmtime_trap_code C API function has out of bounds write vulnerability
### Impact
There is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller.
### Patches
This bug has been patched and users should upgrade to Wasmtime 2.0.2.
### Workarounds
This can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasm
OSV
CVE-2022-39394: Wasmtime is a standalone runtime for WebAssembly
osv·2022-11-10·CVSS 9.8
CVE-2022-39394 [CRITICAL] CVE-2022-39394: Wasmtime is a standalone runtime for WebAssembly
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.
OSV
Out of bounds write in `wasmtime_trap_code` C API function
osv·2022-11-07
CVE-2022-39394 Out of bounds write in `wasmtime_trap_code` C API function
Out of bounds write in `wasmtime_trap_code` C API function
This is an entry in the RustSec database for the Wasmtime security advisory
located at
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q.
For more information see the GitHub-hosted security advisory.
Debian
CVE-2022-39394: rust-wasmtime - Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there ...
vendor_debian·2022·CVSS 3.8
CVE-2022-39394 [LOW] CVE-2022-39394: rust-wasmtime - Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there ...
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.
Scope: lo
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/bytecodealliance/wasmtime/commit/087d9d7becf7422b3f872a3bcd5d97bb7ce7ff36https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9qhttps://github.com/bytecodealliance/wasmtime/commit/087d9d7becf7422b3f872a3bcd5d97bb7ce7ff36https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q
2022-11-10
Published