CVSS: 9.9EPSS: 2%CPEs: 6EXPL: 0CVE-2023-26489 – Guest-controlled out-of-bounds read/write on x86_64 in wasmtime
https://notcve.org/view.php?id=CVE-2023-26489
08 Mar 2023 — wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.static_memory_guard_size • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-27477
https://notcve.org/view.php?id=CVE-2023-27477
08 Mar 2023 — wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This code... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd • CWE-193: Off-by-one Error •