CVE-2024-30266

Опубликовано: 04 апр. 2024

Источник: nvd

CVSS3: 3.3

CVSS3: 5.5

EPSS Низкий

Описание

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.

Ссылки

https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664
Patch
https://github.com/bytecodealliance/wasmtime/issues/8281
Exploit
Issue Tracking
https://github.com/bytecodealliance/wasmtime/pull/8018
Patch
https://github.com/bytecodealliance/wasmtime/pull/8283
Patch
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5
Mitigation
Third Party Advisory
https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664
Patch
https://github.com/bytecodealliance/wasmtime/issues/8281
Exploit
Issue Tracking
https://github.com/bytecodealliance/wasmtime/pull/8018
Patch
https://github.com/bytecodealliance/wasmtime/pull/8283
Patch
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bytecodealliance:wasmtime:19.0.0:*:*:*:*:rust:*:*

EPSS

Процентиль: 4%

0.0002

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-843

Связанные уязвимости

CVE-2024-30266

CVSS3: 3.3

ubuntu

почти 2 года назад

CVE-2024-30266

CVSS3: 3.3

debian

почти 2 года назад

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime ...

GHSA-75hq-h6g9-h4q5

CVSS3: 3.3

github

почти 2 года назад

Wasmtime vulnerable to panic when using a dropped extenref-typed element segment

EPSS

Процентиль: 4%

0.0002

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-843