Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bytecodealliance wasmtime vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x...
Bytecodealliance Wasmtime
NA
CVE-2023-30624
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-leve...
Bytecodealliance Wasmtime 8.0.0
Bytecodealliance Wasmtime 7.0.0
Bytecodealliance Wasmtime
NA
CVE-2023-27477
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and so...
Bytecodealliance Wasmtime 6.0.0
Bytecodealliance Wasmtime 5.0.0
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen 0.93.0
Bytecodealliance Cranelift-codegen 0.92.0
Bytecodealliance Cranelift-codegen
NA
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit eff...
Bytecodealliance Wasmtime 6.0.0
Bytecodealliance Wasmtime 5.0.0
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen 0.93.0
Bytecodealliance Cranelift-codegen 0.92.0
Bytecodealliance Cranelift-codegen
NA
CVE-2022-39392
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, th...
Bytecodealliance Wasmtime
NA
CVE-2022-39393
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, e...
Bytecodealliance Wasmtime
NA
CVE-2022-39394
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes th...
Bytecodealliance Wasmtime
NA
CVE-2022-31169
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift before 0.85....
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen
NA
CVE-2022-31146
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then th...
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen
6.8
CVSSv2
CVE-2022-31104
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal ...
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »