Vulmon
bytecodealliance wasmtime vulnerabilities and exploits
6.8
CVSSv2
CVE-2022-24791
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is d...
Bytecodealliance Wasmtime
7.1
CVSSv2
CVE-2022-23636
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will resu...
Bytecodealliance Wasmtime
Bytecodealliance Wasmtime 0.34.0
3.3
CVSSv2
CVE-2021-39218
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in W...
Bytecodealliance Wasmtime
Fedoraproject Fedora 34
Fedoraproject Fedora 35
3.3
CVSSv2
CVE-2021-39219
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never ...
Bytecodealliance Wasmtime
Fedoraproject Fedora 34
Fedoraproject Fedora 35
3.3
CVSSv2
CVE-2021-39216
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externr...
Bytecodealliance Wasmtime
Fedoraproject Fedora 34
Fedoraproject Fedora 35
4.6
CVSSv2
CVE-2021-32629
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential...
Bytecodealliance Cranelift-codegen