CVE-2023-27477 — Off-by-one Error in Cranelift-codegen
Severity
4.3 MEDIUM (NVD)
EPSS
0.5%
top 35.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 8
Latest update: Mar 14
Description
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vecto…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4
Affected Packages: 9 packages
Patches
Vulnerability Details (3)
Vendor Advisories (2)
Microsoft (2023-03-14)
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend Cranelift has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the
Debian (2023)
CVE-2023-27477: rust-wasmtime - wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generatio...