Описание
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of [Typed]Func::call_async which made it capable of calling async-typed guest export functions. However, that implementation had a bug leading to a panic under certain circumstances: First, the host embedding calls [Typed]Func::call_async on a function exported by a component, polling the returned Future once. Second, the component function yields control to the async runtime (e.g. Tokio), e.g. due to a call to host function registered using LinkerInstance::func_wrap_async which yields, or due an epoch interruption. Third, the host embedding drops the Future after polling it once. This leaves the component instance in a non-reenterable state since the call never had a chance to complete. Fourth, the host embedding calls [Typed]Func::call_async again, polling the returned Future. Since the component inst
Ссылки
- Product
- Patch
- Patch
- ProductRelease Notes
- ProductRelease Notes
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest export functions. However, that implementation had a bug leading to a panic under certain circumstances: First, the host embedding calls `[Typed]Func::call_async` on a function exported by a component, polling the returned `Future` once. Second, the component function yields control to the async runtime (e.g. Tokio), e.g. due to a call to host function registered using `LinkerInstance::func_wrap_async` which yields, or due an epoch interruption. Third, the host embedding drops the `Future` after polling it once. This leaves the component instance in a non-reenterable state since the call never had a chance to complete. Fourth, the host embedding calls `[Typed]Func::call_async` again, polling the returned `Future`. Since the component i...
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest export functions. However, that implementation had a bug leading to a panic under certain circumstances: First, the host embedding calls `[Typed]Func::call_async` on a function exported by a component, polling the returned `Future` once. Second, the component function yields control to the async runtime (e.g. Tokio), e.g. due to a call to host function registered using `LinkerInstance::func_wrap_async` which yields, or due an epoch interruption. Third, the host embedding drops the `Future` after polling it once. This leaves the component instance in a non-reenterable state since the call never had a chance to complete. Fourth, the host embedding calls `[Typed]Func::call_async` again, polling the returned `Future`. Since the component i...
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, ...
Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
EPSS
7.5 High
CVSS3