Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-53901

Опубликовано: 18 июл. 2025
Источник: ubuntu
Приоритет: medium
CVSS3: 3.5

Описание

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling path_open after calling fd_renumber with either two equal argument values or a second argument being equal to a previously-closed file descriptor number value. The corrupt state introduced in fd_renumber will lead to the subsequent opening of a file descriptor to panic. This panic cannot introduce memory unsafety or allow WebAssembly to break outside of its sandbox, however. There is no possible heap corruption or memory unsafety from this panic. This bug is in the implementation of Wasmtime's wasmtime-wasi crate which provides an implementation of WASIp1. The bug requires a specially crafted call to fd_renumber in addition to the ability to open a subsequent file descriptor. Opening a second file descript...

РелизСтатусПримечание
devel

needs-triage

esm-apps/noble

needs-triage

jammy

DNE

noble

needs-triage

plucky

needs-triage

upstream

needs-triage

Показывать по

Ссылки на источники

3.5 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-53901

CVSS3: 3.5
nvd
около 1 месяца назад

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling `path_open` after calling `fd_renumber` with either two equal argument values or a second argument being equal to a previously-closed file descriptor number value. The corrupt state introduced in `fd_renumber` will lead to the subsequent opening of a file descriptor to panic. This panic cannot introduce memory unsafety or allow WebAssembly to break outside of its sandbox, however. There is no possible heap corruption or memory unsafety from this panic. This bug is in the implementation of Wasmtime's `wasmtime-wasi` crate which provides an implementation of WASIp1. The bug requires a specially crafted call to `fd_renumber` in addition to the ability to open a subsequent file descriptor. Opening a second file descriptor

debian логотип

CVE-2025-53901

CVSS3: 3.5
debian
около 1 месяца назад

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0. ...

github логотип

GHSA-fm79-3f68-h2fc

CVSS3: 3.5
github
около 1 месяца назад

Wasmtime CLI is vulnerable to host panic through its fd_renumber function

3.5 Low

CVSS3