Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-53901

Опубликовано: 18 июл. 2025
Источник: nvd
CVSS3: 3.5
EPSS Низкий

Описание

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling path_open after calling fd_renumber with either two equal argument values or a second argument being equal to a previously-closed file descriptor number value. The corrupt state introduced in fd_renumber will lead to the subsequent opening of a file descriptor to panic. This panic cannot introduce memory unsafety or allow WebAssembly to break outside of its sandbox, however. There is no possible heap corruption or memory unsafety from this panic. This bug is in the implementation of Wasmtime's wasmtime-wasi crate which provides an implementation of WASIp1. The bug requires a specially crafted call to fd_renumber in addition to the ability to open a subsequent file descriptor. Opening a second file descriptor

Ссылки

EPSS

Процентиль: 16%
0.00053
Низкий

3.5 Low

CVSS3

Дефекты

CWE-672

Связанные уязвимости

ubuntu логотип

CVE-2025-53901

CVSS3: 3.5
ubuntu
около 1 месяца назад

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling `path_open` after calling `fd_renumber` with either two equal argument values or a second argument being equal to a previously-closed file descriptor number value. The corrupt state introduced in `fd_renumber` will lead to the subsequent opening of a file descriptor to panic. This panic cannot introduce memory unsafety or allow WebAssembly to break outside of its sandbox, however. There is no possible heap corruption or memory unsafety from this panic. This bug is in the implementation of Wasmtime's `wasmtime-wasi` crate which provides an implementation of WASIp1. The bug requires a specially crafted call to `fd_renumber` in addition to the ability to open a subsequent file descriptor. Opening a second file descript...

debian логотип

CVE-2025-53901

CVSS3: 3.5
debian
около 1 месяца назад

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0. ...

github логотип

GHSA-fm79-3f68-h2fc

CVSS3: 3.5
github
около 1 месяца назад

Wasmtime CLI is vulnerable to host panic through its fd_renumber function

EPSS

Процентиль: 16%
0.00053
Низкий

3.5 Low

CVSS3

Дефекты

CWE-672