OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-24 20:30:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3338fcfb59cea5fcd7d2a4e7fe24cbc7cb778003
advisory-db/crates/cranelift-codegen/RUSTSEC-2021-0067.md
Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085)
2021-10-19 16:14:35 -06:00

30 lines
1.0 KiB
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2021-0067"
package = "cranelift-codegen"
date = "2021-05-21"
url = "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5"
categories = ["code-execution", "memory-corruption", "memory-exposure"]
keywords = ["miscompile", "sandbox", "wasm"]
aliases = ["CVE-2021-32629", "GHSA-hpqh-2wqx-7qp5"]
cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
[versions]
patched = [">= 0.73.1"]
[affected]
arch = ["x86"]
```
# Memory access due to code generation flaw in Cranelift module
There is a bug in 0.73.0 of the Cranelift x64 backend that can create a
scenario that could result in a potential sandbox escape in a WebAssembly
module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1
or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73.0
should update to 0.73.1 or 0.74 if they were not using the old default backend.
More details can be found in the GitHub Security Advisory at:
<https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5>
Reference in New Issue View Git Blame Copy Permalink