CVE-2026-34944
- EPSS 0.23%
- Veröffentlicht 09.04.2026 19:16:24
- Zuletzt bearbeitet 20.04.2026 18:27:28
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When ...
CVE-2026-34945
- EPSS 0.32%
- Veröffentlicht 09.04.2026 19:16:24
- Zuletzt bearbeitet 20.04.2026 18:26:39
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. T...
- EPSS 0.32%
- Veröffentlicht 09.04.2026 19:16:24
- Zuletzt bearbeitet 30.06.2026 03:18:59
Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accesse...
- EPSS 0.12%
- Veröffentlicht 09.04.2026 19:16:24
- Zuletzt bearbeitet 15.04.2026 14:49:52
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls ...
CVE-2026-34942
- EPSS 0.35%
- Veröffentlicht 09.04.2026 19:16:23
- Zuletzt bearbeitet 20.04.2026 18:28:12
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. ...
CVE-2026-34941
- EPSS 0.38%
- Veröffentlicht 09.04.2026 19:16:23
- Zuletzt bearbeitet 20.04.2026 18:28:46
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of...
CVE-2026-27572
- EPSS 0.47%
- Veröffentlicht 24.02.2026 21:31:50
- Zuletzt bearbeitet 25.02.2026 15:36:36
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. Was...
CVE-2026-27204
- EPSS 0.35%
- Veröffentlicht 24.02.2026 21:23:47
- Zuletzt bearbeitet 25.02.2026 15:20:51
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately...
CVE-2026-27195
- EPSS 0.36%
- Veröffentlicht 24.02.2026 21:15:20
- Zuletzt bearbeitet 25.02.2026 15:20:22
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest e...
CVE-2026-24116
- EPSS 0.21%
- Veröffentlicht 27.01.2026 18:58:52
- Zuletzt bearbeitet 12.02.2026 21:36:55
Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes...