OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 08:13:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918)

Browse Source
This commit is contained in:
Chris Fallin
2021-05-22 08:03:45 -07:00
committed by GitHub
parent 60b9a9e9c3
commit c8a2c774a3
1 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
crates/cranelift-codegen/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,28 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "cranelift-codegen"
date = "2021-05-21"
url = "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5"
categories = ["code-execution", "memory-corruption", "memory-exposure"]
keywords = ["miscompile", "sandbox", "wasm"]
aliases = ["CVE-2021-32629"]
[versions]
patched = [">= 0.73.1", ">= 0.74"]
[affected]
arch = ["x86"]
```
# Memory access due to code generation flaw in Cranelift module
There is a bug in 0.73.0 of the Cranelift x64 backend that can create a
scenario that could result in a potential sandbox escape in a WebAssembly
module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1
or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73.0
should update to 0.73.1 or 0.74 if they were not using the old default backend.
More details can be found in the GitHub Security Advisory at:
<https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5>