Description
Critical Use-After-Free in Wasmi's Linear Memory
Summary
A use-after-free vulnerability has been discovered in the linear memory implementation of Wasmi. This issue can be triggered by a WebAssembly module under certain memory growth conditions, potentially leading to memory corruption, information disclosure, or code execution.
Impact
- Confidentiality: High – attacker-controlled memory reads possible.
- Integrity: High – memory corruption may allow arbitrary writes.
- Availability: High – interpreter crashes possible.
Affected Versions
Wasmi v0.41.0 through Wasmi v1.0.0.
Workarounds
- Upgrade to the latest patched version of Wasmi.
- Consider limiting the maximum linear memory sizes where feasible.
Credits
This vulnerability was discovered by Robert T. Morris (RTM).
Packages
- wasmi: affected >= 0.41.0, < 0.41.2; patched in 0.41.2
- wasmi: affected >= 0.42.0, < 0.47.1; patched in 0.47.1
- wasmi: affected >= 0.50.0, < 0.51.3; patched in 0.51.3
- wasmi: affected >= 1.0.0, < 1.0.1; patched in 1.0.1
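An added example, not part of the advisory or of the Wasmi project: a std-only Rust check that reads `wasmi` entries from a Cargo.lock and classifies each version against the affected ranges in the package list above. The lockfile text is constructed sample input, and the names `classify`, `scan_lockfile` and `Status` are hypothetical.

```rust
// Added example: classify wasmi versions found in a Cargo.lock against this advisory.
type Ver = (u64, u64, u64);
#[derive(Debug, PartialEq)]
enum Status { Affected(Ver), NotAffected, Unknown }

// (first affected, first patched) pairs copied from the package list on this page.
const RANGES: [(Ver, Ver); 4] = [
    ((0, 41, 0), (0, 41, 2)), ((0, 42, 0), (0, 47, 1)),
    ((0, 50, 0), (0, 51, 3)), ((1, 0, 0), (1, 0, 1)),
];

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = r#"[[package]]
name = "wasmi"
version = "0.46.0"
[[package]]
name = "wasmi_core"
version = "0.46.0"
[[package]]
name = "wasmi"
version = "0.51.3"
"#;

fn classify(version: &str) -> Status {
    // Plain MAJOR.MINOR.PATCH only; pre-release or build suffixes are left for manual review.
    let parts: Vec<u64> = version.split('.').filter_map(|p| p.parse().ok()).collect();
    if parts.len() != 3 || version.split('.').count() != 3 { return Status::Unknown; }
    let v = (parts[0], parts[1], parts[2]);
    RANGES.iter().find(|(lo, fix)| *lo <= v && v < *fix)
        .map_or(Status::NotAffected, |(_, fix)| Status::Affected(*fix))
}

fn quoted<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    line.trim().strip_prefix(key)?.strip_prefix('"')?.strip_suffix('"')
}
// Returns every exact-name "wasmi" entry with its status; Affected carries the patched release.
fn scan_lockfile(lock: &str) -> Vec<(String, Status)> {
    let (mut out, mut is_wasmi) = (Vec::new(), false);
    for line in lock.lines() {
        if let Some(name) = quoted(line, "name = ") {
            is_wasmi = name == "wasmi";
        } else if let Some(ver) = quoted(line, "version = ") {
            if is_wasmi { out.push((ver.to_string(), classify(ver))); }
            is_wasmi = false;
        }
    }
    out
}

fn main() { for (v, s) in scan_lockfile(SAMPLE_LOCK) { println!("wasmi {v}: {s:?}"); } }
```

Versions the check cannot parse are reported as `Unknown` rather than as unaffected, so they are not silently passed.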
Related vulnerabilities
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To work around this issue, consider limiting the maximum linear memory sizes where feasible.