CVE-2026-34944Uncaught Exception in Wasmtime

CWE-248Uncaught ExceptionCWE-789Memory Allocation with Excessive Size ValueCWE-466Return of Pointer Value Outside of Expected Range9 documents7 sources
Severity
4.1MEDIUMNVD
EPSS
0.0%
top 99.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Bytecodealliance Wasmtime
Timeline
PublishedApr 9

Description

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but this data is not visible to WebAssembly guests. This v

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5bytecodealliance/wasmtime< 24.0.7+3
crates.iobytecodealliance/wasmtime0.0.0-024.0.7+4

🔴Vulnerability Details

4
OSV
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-642026-04-09
GHSA
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-642026-04-09
VulDB
bytecodealliance wasmtime up to 24.0.6/36.0.6/42.0.1/44.0.0 uncaught exception (GHSA-qqfj-4vcm-26hv)2026-04-09
OSV
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-642026-04-09

📋Vendor Advisories

1
Red Hat
wasmtime: Wasmtime: Denial of Service due to out-of-bounds read during WebAssembly compilation2026-04-09

🕵️Threat Intelligence

1
Wiz
CVE-2026-34944 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2026-34944 tree-sitter: Wasmtime: Denial of Service due to out-of-bounds read during WebAssembly compilation [fedora-all]2026-04-09
Bugzilla
CVE-2026-34944 wasmtime: Wasmtime: Denial of Service due to out-of-bounds read during WebAssembly compilation2026-04-09