CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41880 – Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
https://notcve.org/view.php?id=CVE-2023-41880
15 Sep 2023 — Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits o... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd • CWE-193: Off-by-one Error •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-30624 – Wasmtime has Undefined Behavior in Rust runtime functions
https://notcve.org/view.php?id=CVE-2023-30624
27 Apr 2023 — Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled with LLVM 16 which causes some writes, which are critical for correctness, to be optimized away. Vulnerable versions of Wasmtime compiled with Rust 1.70, which is currently in beta, or later are known to have incor... • https://github.com/bytecodealliance/wasmtime/commit/0977952dcd9d482bff7c288868ccb52769b3a92e • CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior •
CVSS: 9.9EPSS: 2%CPEs: 6EXPL: 0CVE-2023-26489 – Guest-controlled out-of-bounds read/write on x86_64 in wasmtime
https://notcve.org/view.php?id=CVE-2023-26489
08 Mar 2023 — wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.static_memory_guard_size • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-27477
https://notcve.org/view.php?id=CVE-2023-27477
08 Mar 2023 — wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This code... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd • CWE-193: Off-by-one Error •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39392 – Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration
https://notcve.org/view.php?id=CVE-2022-39392
10 Nov 2022 — Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime's default settings require virtual memory page faults to indicate that was... • https://github.com/bytecodealliance/wasmtime/commit/e60c3742904ccbb3e26da201c9221c38a4981d72 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39393 – Wasmtime vulnerable to data leakage between instances in the pooling allocator
https://notcve.org/view.php?id=CVE-2022-39393
10 Nov 2022 — Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. Wasmtime es una ejecución independiente... • https://github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39394 – wasmtime_trap_code C API function has out of bounds write vulnerability
https://notcve.org/view.php?id=CVE-2022-39394
10 Nov 2022 — Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users shoul... • https://github.com/bytecodealliance/wasmtime/commit/087d9d7becf7422b3f872a3bcd5d97bb7ce7ff36 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31169 – Cranelift vulnerable to miscompilation of constant values in division on AArch64
https://notcve.org/view.php?id=CVE-2022-31169
21 Jul 2022 — Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. • https://github.com/bytecodealliance/wasmtime/commit/2ba4bce5cc719e5a74e571a534424614e62ecc41 • CWE-682: Incorrect Calculation •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31146 – Use After Free in Wasmtime
https://notcve.org/view.php?id=CVE-2022-31146
20 Jul 2022 — Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will mistakenly think these functions do not have live references to GC'd values, reclaiming them and deallocating them. The function will then subsequently continue to use the values assuming they had not been GC'd, leading la... • https://github.com/WebAssembly/reference-types • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31104 – Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime
https://notcve.org/view.php?id=CVE-2022-31104
27 Jun 2022 — Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd • CWE-682: Incorrect Calculation •