CVE-2023-27477

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-03-01 CVE Reserved
2023-03-08 CVE Published
2024-06-12 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-193: Off-by-one Error

CAPEC

References (5)

URL	Tag	Source
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd	Product
https://github.com/webassembly/simd	Not Applicable

URL	Date	SRC

URL	Date	SRC
https://github.com/bytecodealliance/wasmtime/commit/5dc2bbccbb363e474d2c9a1b8e38a89a43bbd5d1	2023-03-15
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xm67-587q-r2vw	2023-03-15

URL	Date	SRC
https://groups.google.com/a/bytecodealliance.org/g/sec-announce/c/Mov-ItrNJsQ	2023-03-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bytecodealliance Search vendor "Bytecodealliance"		Cranelift-codegen Search vendor "Bytecodealliance" for product "Cranelift-codegen"				>= 0.84.0 < 0.91.1 Search vendor "Bytecodealliance" for product "Cranelift-codegen" and version " >= 0.84.0 < 0.91.1"		rust		Affected
Bytecodealliance Search vendor "Bytecodealliance"		Cranelift-codegen Search vendor "Bytecodealliance" for product "Cranelift-codegen"				0.92.0 Search vendor "Bytecodealliance" for product "Cranelift-codegen" and version "0.92.0"		rust		Affected
Bytecodealliance Search vendor "Bytecodealliance"		Cranelift-codegen Search vendor "Bytecodealliance" for product "Cranelift-codegen"				0.93.0 Search vendor "Bytecodealliance" for product "Cranelift-codegen" and version "0.93.0"		rust		Affected
Bytecodealliance Search vendor "Bytecodealliance"		Wasmtime Search vendor "Bytecodealliance" for product "Wasmtime"				>= 0.37.0 < 4.0.1 Search vendor "Bytecodealliance" for product "Wasmtime" and version " >= 0.37.0 < 4.0.1"		rust		Affected
Bytecodealliance Search vendor "Bytecodealliance"		Wasmtime Search vendor "Bytecodealliance" for product "Wasmtime"				5.0.0 Search vendor "Bytecodealliance" for product "Wasmtime" and version "5.0.0"		rust		Affected
Bytecodealliance Search vendor "Bytecodealliance"		Wasmtime Search vendor "Bytecodealliance" for product "Wasmtime"				6.0.0 Search vendor "Bytecodealliance" for product "Wasmtime" and version "6.0.0"		rust		Affected