OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
958120be0a6adf9c4bac0d5d021a26fb68ded660
advisory-db/crates/cranelift-codegen/RUSTSEC-2021-0067.md
Sergey "Shnatsel" Davidoff 40afced5fb Remove range overlaps, fix some range specifications (#930) 
* Drop some clearly redundant bounds

* Fix RUSTSEC-2020-0091 - the version specification was incorrect, marking 1.0.0 as fixed while in reality it was not

* Fix RUSTSEC-2018-0004: presumably any updates to 0.3.x series would also get the fix, it would not be isolated to 0.3.2

* Fix incorrectly defined, overlapping ranges in RUSTSEC-2020-0080 and RUSTSEC-2019-0035
2021-06-04 23:26:23 +02:00

997 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0067"
package = "cranelift-codegen"
date = "2021-05-21"
url = "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5"
categories = ["code-execution", "memory-corruption", "memory-exposure"]
keywords = ["miscompile", "sandbox", "wasm"]
aliases = ["CVE-2021-32629"]

[versions]
patched = [">= 0.73.1"]

[affected]
arch = ["x86"]

Memory access due to code generation flaw in Cranelift module

There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73.0 should update to 0.73.1 or 0.74 if they were not using the old default backend.

More details can be found in the GitHub Security Advisory at:

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5