cbcvebase.
CVE-2024-30266
published 2024-04-04

CVE-2024-30266: wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest…

PriorityP421medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
EPSS
0.32%
23.5th percentile
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.

Affected

4 ranges
VendorProductVersion rangeFixed in
bytecodealliancewasmtime
bytecodealliancewasmtime
bytecodealliancewasmtime>= 19.0.0 < 19.0.119.0.1
debianrust-wasmtime< rust-wasmtime 21.0.2+dfsg-1 (forky)rust-wasmtime 21.0.2+dfsg-1 (forky)

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM
vendor_debian3.3LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.