5.5
CVE-2026-24116
- EPSS 0.21%
- Veröffentlicht 27.01.2026 18:58:52
- Zuletzt bearbeitet 12.02.2026 21:36:55
- CVE-Watchlists
- Unerledigt
Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64
Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but unless there is another bug in Cranelift this data is not visible to WebAssembly guests. Wasmtime 36.0.5, 40.0.3, and 41.0.1 have been released to fix this issue. Users are recommended to upgrade to the patched versions of Wasmtime. Other affected versions are not patched and users should updated to supported major version instead. This bug can be worked around by enabling signals-based-traps. While disabling guard pages can be a quick fix in some situations, it's not recommended to disabled guard pages as it is a key defense-in-depth measure of Wasmtime.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bytecodealliance ≫ Wasmtime SwPlatformrust Version >= 29.0.0 < 36.0.5
Bytecodealliance ≫ Wasmtime SwPlatformrust Version >= 40.0.0 < 40.0.3
Bytecodealliance ≫ Wasmtime SwPlatformrust Version >= 41.0.0 < 41.0.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.116 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 4.1 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://docs.wasmtime.dev/stability-release.html
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73
https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48ef9b61f869dce133a6
https://github.com/bytecodealliance/wasmtime/commit/799585fc362fcb991de147dd1a9f2ba0861ed440
https://github.com/bytecodealliance/wasmtime/commit/ac92d9bb729ad3a6d93f0724c4c33a0c4a9c0227
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.memory_guard_size
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps
https://rustsec.org/advisories/RUSTSEC-2026-0006.html