CVE-2022-39394

wasmtime_trap_code C API function has out of bounds write vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.

Wasmtime es un tiempo de ejecución independiente para WebAssembly. Antes de la versión 2.0.2, había un error en la implementación de la API C de Wasmtime donde la definición de `wasmtime_trap_code` no coincide con su firma declarada en el archivo de encabezado `wasmtime/trap.h`. Esta discrepancia hace que la implementación de la función realice una escritura de 4 bytes en un búfer de 1 byte proporcionado por la persona que llama. Esto puede provocar que se escriban tres bytes cero más allá de la ubicación de 1 byte proporcionada por la persona que llama. Este error ha sido corregido y los usuarios deben actualizar a Wasmtime 2.0.2. Este error se puede solucionar proporcionando un búfer de 4 bytes convertido a un búfer de 1 byte al llamar a `wasmtime_trap_code`. Los usuarios de la caja `wasmtime` no se ven afectados por este problema, solo los usuarios de la función API de C `wasmtime_trap_code` se ven afectados.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-02 CVE Reserved
2022-11-10 CVE Published
2024-06-02 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (2)

URL	Tag	Source
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/bytecodealliance/wasmtime/commit/087d9d7becf7422b3f872a3bcd5d97bb7ce7ff36	2022-11-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bytecodealliance Search vendor "Bytecodealliance"		Wasmtime Search vendor "Bytecodealliance" for product "Wasmtime"				< 1.0.2 Search vendor "Bytecodealliance" for product "Wasmtime" and version " < 1.0.2"		rust		Affected
Bytecodealliance Search vendor "Bytecodealliance"		Wasmtime Search vendor "Bytecodealliance" for product "Wasmtime"				>= 2.0.0 < 2.0.2 Search vendor "Bytecodealliance" for product "Wasmtime" and version " >= 2.0.0 < 2.0.2"		rust		Affected