Add recent Wasmtime CVEs (#1046)

* Add recent Wasmtime CVEs

* replace URL with references

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Nick Fitzgerald
2021-09-17 13:47:54 -07:00
committed by GitHub
parent ab0a84327e
commit 3d742d4426

@@ -0,0 +1,31 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "wasmtime"
date = "2021-09-17"
references = ["https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf", "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49", "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx"]
categories = ["memory-corruption", "memory-exposure"]
keywords = ["use-after-free", "out-of-bounds read", "out-of-bounds write", "Wasm", "garbage collection"]
aliases = ["CVE-2021-39216", "CVE-2021-39219", "CVE-2021-39218"]
[versions]
patched = [">= 0.30.0"]
unaffected = []
[affected.functions]
"wasmtime::Store::gc" = ["< 0.30.0"]
"wasmtime::Linker::func_wrap" = ["< 0.30.0"]
"wasmtime::Linker::func_new" = ["< 0.30.0"]
```
# Multiple Vulnerabilities in Wasmtime
* [Use after free passing `externref`s to Wasm in
Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf)
* [Out-of-bounds read/write and invalid free with `externref`s and GC safepoints
in
Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49)
* [Wrong type for `Linker`-define functions when used across two
`Engine`s](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx)
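Review bot: The body under `# Multiple Vulnerabilities in Wasmtime` consists of three links and nothing else, so a reader who sees only the advisory text gets no statement of impact and cannot tell which of the three aliases (`CVE-2021-39216`, `CVE-2021-39219`, `CVE-2021-39218`) belongs to which issue, or which entry under `[affected.functions]` (`Store::gc`, `Linker::func_wrap`, `Linker::func_new`) belongs to which issue. Suggest adding one or two sentences per bullet that name the CVE, the affected function or functions, and the consequence, and stating once that upgrading to 0.30.0 is the fix, matching `patched = [">= 0.30.0"]`. The third link title reads "`Linker`-define functions", which should be "`Linker`-defined functions". As a style point, the `references` array would be easier to review and diff with one URL per line.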