CVE-2026-34945: Incorrect Conversion between Numeric Types in Wasmtime

Severity: 2.3 LOW (NVD)
EPSS: 0.0% (top 96.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 9

Description

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where the table.size instruction is incorrectly translated for 64-bit tables, which are part of the memory64 proposal of WebAssembly. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can contain sensitive data from other host-originating operations that is not intended to be disclosed to guests. This bug specifically

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages (2 packages)

crates.io: bytecodealliance/wasmtime 0.0.0-0, 36.0.7 (+3)
CVEListV5: bytecodealliance/wasmtime >= 25.0.0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 44.0.1 (+2)

🔴 Vulnerability Details (4)

OSV: Host data leakage with 64-bit tables and Winch (2026-04-09)
VulDB: bytecodealliance wasmtime up to 36.0.6/42.0.1/44.0.0 return numeric conversion (GHSA-m9w2-8782-2946) (2026-04-09)
GHSA: Wasmtime has host data leakage with 64-bit tables and Winch (2026-04-09)
OSV: Wasmtime has host data leakage with 64-bit tables and Winch (2026-04-09)

📋 Vendor Advisories (1)

Red Hat: wasmtime: winch: Wasmtime Winch compiler: Information disclosure via incorrect table.size instruction translation (2026-04-09)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-34945 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (2)

Bugzilla: CVE-2026-34945 tree-sitter: Wasmtime Winch compiler: Information disclosure via incorrect table.size instruction translation [fedora-all] (2026-04-09)
Bugzilla: CVE-2026-34945 wasmtime: winch: Wasmtime Winch compiler: Information disclosure via incorrect table.size instruction translation (2026-04-09)