Bytecodealliance

Wasmtime

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.23%
  • Veröffentlicht 09.04.2026 19:16:24
  • Zuletzt bearbeitet 20.04.2026 18:27:28

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When ...

  • EPSS 0.32%
  • Veröffentlicht 09.04.2026 19:16:24
  • Zuletzt bearbeitet 20.04.2026 18:26:39

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. T...

  • EPSS 0.32%
  • Veröffentlicht 09.04.2026 19:16:24
  • Zuletzt bearbeitet 30.06.2026 03:18:59

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accesse...

  • EPSS 0.12%
  • Veröffentlicht 09.04.2026 19:16:24
  • Zuletzt bearbeitet 15.04.2026 14:49:52

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls ...

  • EPSS 0.35%
  • Veröffentlicht 09.04.2026 19:16:23
  • Zuletzt bearbeitet 20.04.2026 18:28:12

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. ...

  • EPSS 0.38%
  • Veröffentlicht 09.04.2026 19:16:23
  • Zuletzt bearbeitet 20.04.2026 18:28:46

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of...

  • EPSS 0.47%
  • Veröffentlicht 24.02.2026 21:31:50
  • Zuletzt bearbeitet 25.02.2026 15:36:36

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. Was...

  • EPSS 0.35%
  • Veröffentlicht 24.02.2026 21:23:47
  • Zuletzt bearbeitet 25.02.2026 15:20:51

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately...

  • EPSS 0.36%
  • Veröffentlicht 24.02.2026 21:15:20
  • Zuletzt bearbeitet 25.02.2026 15:20:22

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest e...

  • EPSS 0.21%
  • Veröffentlicht 27.01.2026 18:58:52
  • Zuletzt bearbeitet 12.02.2026 21:36:55

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes...