Bytecodealliance

Wasmtime

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.12%
  • Veröffentlicht 08.07.2026 20:22:16
  • Zuletzt bearbeitet 10.07.2026 19:10:59

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with ...

  • EPSS 0.23%
  • Veröffentlicht 01.07.2026 20:12:35
  • Zuletzt bearbeitet 02.07.2026 19:27:54

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers f...

  • EPSS 0.36%
  • Veröffentlicht 15.06.2026 19:47:40
  • Zuletzt bearbeitet 16.06.2026 15:49:43

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 des...

  • EPSS 0.32%
  • Veröffentlicht 14.05.2026 14:54:32
  • Zuletzt bearbeitet 13.07.2026 13:16:41

Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when ...

  • EPSS 0.22%
  • Veröffentlicht 09.04.2026 19:16:25
  • Zuletzt bearbeitet 15.04.2026 13:00:37

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the h...

  • EPSS 0.21%
  • Veröffentlicht 09.04.2026 19:16:25
  • Zuletzt bearbeitet 15.04.2026 13:04:49

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this mean...

  • EPSS 0.29%
  • Veröffentlicht 09.04.2026 19:16:25
  • Zuletzt bearbeitet 15.04.2026 13:14:31

Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance t...

  • EPSS 0.28%
  • Veröffentlicht 09.04.2026 19:16:25
  • Zuletzt bearbeitet 15.04.2026 13:41:57

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sand...

  • EPSS 0.36%
  • Veröffentlicht 09.04.2026 19:16:24
  • Zuletzt bearbeitet 20.04.2026 18:26:23

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest ...

  • EPSS 0.32%
  • Veröffentlicht 09.04.2026 19:16:24
  • Zuletzt bearbeitet 20.04.2026 18:28:03

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags ...