Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bytecodealliance wasmtime vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30624
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-leve...
Bytecodealliance Wasmtime 8.0.0
Bytecodealliance Wasmtime 7.0.0
Bytecodealliance Wasmtime
NA
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit eff...
Bytecodealliance Wasmtime 6.0.0
Bytecodealliance Wasmtime 5.0.0
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen 0.93.0
Bytecodealliance Cranelift-codegen 0.92.0
Bytecodealliance Cranelift-codegen
NA
CVE-2023-27477
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and so...
Bytecodealliance Wasmtime 6.0.0
Bytecodealliance Wasmtime 5.0.0
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen 0.93.0
Bytecodealliance Cranelift-codegen 0.92.0
Bytecodealliance Cranelift-codegen
7.1
CVSSv2
CVE-2022-23636
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will resu...
Bytecodealliance Wasmtime
Bytecodealliance Wasmtime 0.34.0
6.8
CVSSv2
CVE-2022-31104
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal ...
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen
NA
CVE-2022-31146
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then th...
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen
NA
CVE-2022-31169
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift before 0.85....
Bytecodealliance Wasmtime
Bytecodealliance Cranelift-codegen
6.8
CVSSv2
CVE-2022-24791
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is d...
Bytecodealliance Wasmtime
NA
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x...
Bytecodealliance Wasmtime
NA
CVE-2022-39392
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, th...
Bytecodealliance Wasmtime
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »