Bytecodealliance Wasmtime vulnerabilities
40 known vulnerabilities affecting bytecodealliance/wasmtime.
Total CVEs: 40
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 7, MEDIUM 19, LOW 9
Vulnerabilities
Page 2 of 2
CVE-2024-51745 | LOW | CVSS 2.3 | CWE-67 | fixed in 24.0.2; v25.0.0; +5 more | 2024-11-05
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so on. Untrust
GHSA, NVD, OSV
CVE-2024-47763 | MEDIUM | CVSS 5.5 | CWE-670 | Exploited | v21.0.0; v21.0.1; +12 more | 2024-10-09
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime
GHSA, NVD, OSV
CVE-2024-47813 | LOW | CVSS 2.9 | CWE-367 | v19.0.0; v19.0.1; +18 more | 2024-10-09
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption could, following an additional and particular sequence of
GHSA, NVD, OSV
CVE-2024-30266 | MEDIUM | CVSS 5.5 | CWE-843 | v19.0.0; v= 19.0.0 | 2024-04-04
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
GHSA, NVD, OSV
CVE-2023-41880 | MEDIUM | CVSS 5.3 | CWE-193 | ≥ 10.0.0, < 10.0.2; ≥ 11.0.0, < 11.0.2; +4 more | 2023-09-15
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The mi
GHSA, NVD, OSV
CVE-2023-30624 | HIGH | CVSS 8.8 | CWE-758 | fixed in 6.0.2; v7.0.0; +3 more | 2023-04-27
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled with LLVM 16 which causes some writes, which are critic
GHSA, NVD, OSV
CVE-2023-26489 | CRITICAL | CVSS 9.9 | CWE-125 | ≥ 0.37.0, < 4.0.1; v5.0.0; +7 more | 2023-03-08
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-cont
GHSA, NVD, OSV
CVE-2023-27477 | MEDIUM | CVSS 4.3 | CWE-193 | ≥ 0.37.0, < 4.0.1; v5.0.0; +7 more | 2023-03-08
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error
GHSA, NVD, OSV
CVE-2022-39394 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 1.0.2; ≥ 2.0.0, < 2.0.2; +1 more | 2022-11-10
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer p
GHSA, NVD, OSV
CVE-2022-39392 | HIGH | CVSS 7.4 | CWE-119 | fixed in 1.0.2; ≥ 2.0.0, < 2.0.2; +1 more | 2022-11-10
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-re
GHSA, NVD, OSV
CVE-2022-39393 | HIGH | CVSS 8.6 | CWE-226 | fixed in 1.0.2; ≥ 2.0.0, < 2.0.2; +1 more | 2022-11-10
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users
GHSA, NVD, OSV
CVE-2022-31169 | HIGH | CVSS 7.5 | CWE-682 | fixed in 0.38.1; fixed in 0.38.2; +1 more | 2022-07-22
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not aff
GHSA, NVD
CVE-2022-31146 | HIGH | CVSS 8.8 | CWE-416 | ≥ 0.37.0, < 0.38.2; v>= 0.37.0, < 0.38.2; +1 more | 2022-07-21
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will mistakenly think these functions do not have live references to
GHSA, NVD, OSV
CVE-2022-31104 | MEDIUM | CVSS 5.6 | CWE-682 | fixed in 0.38.1; v wasmtime: < 0.38.1; +1 more | 2022-06-28
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select`
GHSA, NVD, OSV
CVE-2022-24791 | CRITICAL | CVSS 9.8 | CWE-416 | ≥ 0.34.0, < 0.34.2; ≥ 0.35.0, < 0.35.2; +2 more | 2022-03-31
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly
GHSA, NVD, OSV
CVE-2022-23636 | HIGH | CVSS 8.1 | CWE-824 | fixed in 0.33.1; v0.34.0; +2 more | 2022-02-16
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will result in an invalid drop of a `VMExternRef` via an uninitialized pointer. A number of
GHSA, NVD, OSV
CVE-2021-39216 | MEDIUM | CVSS 6.3 | CWE-416 | ≥ 0.19.0, < 0.30.0; v>=0.19.0, <=0.29.0 | 2021-09-17
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing m
GHSA, NVD, OSV
CVE-2021-39219 | MEDIUM | CVSS 6.3 | CWE-843 | fixed in 0.30.0; ≤ 0.29.0 | 2021-09-17
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues
GHSA, NVD
CVE-2021-39218 | MEDIUM | CVSS 6.3 | CWE-125 | ≥ 0.26.0, < 0.30.0; v>= 0.26.0, <= 0.29.0 | 2021-09-17
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `
GHSA, NVD
CVE-2021-32629 | HIGH | CVSS 8.8 | CWE-788 | ≤ 0.73.0 | 2021-05-24
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. This bug was introduced in the new bac
GHSA, NVD, OSV