Add wasmtime CVE-2022-39393 (#1509)

pinkforest(she/her)
2023-01-13 00:12:31 +11:00
committed by GitHub
parent 4b4ba5b43b
commit f1e7c48600

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "wasmtime"
date = "2022-11-10"
url = "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf"
references = ["https://github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0", "https://github.com/bytecodealliance/wasmtime/commit/3535acbf3be032ef1ba0b469b8ab92538a8a18a6"]
categories = ["memory-exposure"]
keywords = ["use-after-free", "Wasm", "garbage collection"]
aliases = ["CVE-2022-39393", "GHSA-wh6w-3828-g9qf"]
[versions]
patched = [">= 2.0.2"]
```
# Bug in pooling instance allocator
bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance.
Mitigations are described [here](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf).
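
Review bot: The `keywords` line lists "use-after-free" and "garbage collection", but the description under the heading is about a reused linear memory in the pooling instance allocator exposing the prior instance's initial heap snapshot. That matches `categories = ["memory-exposure"]`, not a use-after-free or GC issue, so the keywords look carried over from a different advisory and should be replaced with terms that fit this one, such as the pooling allocator and memory reuse. The description also opens mid-sentence with a lowercase "bug in" and leaves mitigations to a "here" link; a complete sentence and a one-line summary of the affected configuration would let the advisory stand on its own. Since `references` lists two fix commits, please also confirm against the linked GHSA that `patched = [">= 2.0.2"]` is the only fixed range.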