CVE-2024-47813 – Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
https://notcve.org/view.php?id=CVE-2024-47813
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption could, following an additional and particular sequence of concurrent events, lead to violations of WebAssembly's control-flow integrity (CFI) and type safety. Users that do not use `wasmtime::Engine` across multiple threads are not affected. Users that only create new modules across threads over time are additionally not affected. • https://github.com/bytecodealliance/wasmtime/pull/7969 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7qmx-3fpx-r45m • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-47763 – Wasmtime runtime crash when combining tail calls with trapping imports
https://notcve.org/view.php?id=CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call https://github.com/WebAssembly/proposals https://github.com/bytecodealliance/wasmtime/pull/8540 https://github.com/bytecodealliance/wasmtime/pull/8682 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg https://github.com/webassembly/tail-call • CWE-670: Always-Incorrect Control Flow Implementation •
CVE-2024-30266 – Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
https://notcve.org/view.php?id=CVE-2024-30266
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. wasmtime es un tiempo de ejecución para WebAssembly. La versión 19.0.0 de Wasmtime contiene una regresión introducida durante su desarrollo que puede provocar que un módulo WebAssembly invitado cause pánico en el tiempo de ejecución del host. • https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664 https://github.com/bytecodealliance/wasmtime/issues/8281 https://github.com/bytecodealliance/wasmtime/pull/8018 https://github.com/bytecodealliance/wasmtime/pull/8283 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •