Количество 4
Количество 4
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8 + 0x7ffffffc = 36507222004 = ~34G` bytes away from the base of linear memory are possible from guest code. This means that the virtual memory 6G away from the base of linear memory up to ~34G away can be read/written by a malicious module. A guest module can, without the knowledge of the embedder, read/write memory in this region. The memory may belong to other WebAssembly instances when using the pooling allocator, for example. Affected embedders are recommended to analyze preexist
CVE-2023-26489
wasmtime is a fast and secure runtime for WebAssembly. In affected ver ...
GHSA-ff4p-7xrq-q5r8
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
BDU:2023-01929
Уязвимость компилятора Cranelift (ранее Cretonne) среды выполнения для WebAssembly-приложений Wasmtime, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-26489 wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8 + 0x7ffffffc = 36507222004 = ~34G` bytes away from the base of linear memory are possible from guest code. This means that the virtual memory 6G away from the base of linear memory up to ~34G away can be read/written by a malicious module. A guest module can, without the knowledge of the embedder, read/write memory in this region. The memory may belong to other WebAssembly instances when using the pooling allocator, for example. Affected embedders are recommended to analyze preexist | CVSS3: 9.9 | 2% Низкий | почти 3 года назад |
| CVE-2023-26489 wasmtime is a fast and secure runtime for WebAssembly. In affected ver ... | CVSS3: 9.9 | 2% Низкий | почти 3 года назад |
| GHSA-ff4p-7xrq-q5r8 wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64 | CVSS3: 9.9 | 2% Низкий | почти 3 года назад |
 | BDU:2023-01929 Уязвимость компилятора Cranelift (ранее Cretonne) среды выполнения для WebAssembly-приложений Wasmtime, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании | CVSS3: 9.9 | 2% Низкий | почти 3 года назад |
Уязвимостей на страницу