pkg:crates.io/wasmtime

All known vulnerabilities

• CRITICAL10.0CVE-2024-51745Wasmtime doesn't fully sandbox all the Windows device filenames
  >= 0.0.0-0, < 24.0.2, >= 25.0.0, < 25.0.3, >= 26.0.0, < 26.0.1
• CRITICAL10.0CVE-2024-51745Wasmtime doesn't fully sandbox all the Windows device filenames
  from 0, < 24.0.2
• CRITICAL9.9Wasmtime with Winch compiler backend may allow a sandbox-escaping memory access
  >= 25.0.0, < 36.0.7
• CRITICAL9.9Wasmtime with Winch compiler backend may allow a sandbox-escaping memory access
  >= 0.0.0-0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• CRITICAL9.9Guest-controlled out-of-bounds read/write on x86\_64
  >= 0.0.0-0, < 4.0.1, >= 5.0.0, < 5.0.1, >= 6.0.0, < 6.0.1
• CRITICAL9.9Guest-controlled out-of-bounds read/write on x86\_64
  >= 0.37.0, < 4.0.1
• HIGH8.6Data leakage between instances in the pooling allocator
  >= 0.0.0-0, < 1.0.2, >= 2.0.0, < 2.0.2
• HIGH8.6Data leakage between instances in the pooling allocator
  >= 0.0.0-0, < 1.0.2, >= 2.0.0, < 2.0.2
• HIGH8.6Data leakage between instances in the pooling allocator
  >= 2.0.0, < 2.0.2
• HIGH8.1Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding
  >= 0.0.0-0, < 24.0.7, >= 25.0.0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• HIGH8.1Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding
  from 0, < 24.0.7
• HIGH8.1Use after free with `externref`s and epoch interruption in Wasmtime
  >= 0.0.0-0, < 0.34.2, >= 0.35.0, < 0.35.2
• HIGH8.1Use after free with `externref`s and epoch interruption in Wasmtime
  from 0, < 0.34.2
• HIGH8.1Use after free with `externref`s and epoch interruption in Wasmtime
  >= 0.34.0, < 0.34.2, >= 0.35.0, < 0.35.2
• HIGH7.8Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
  >= 0.0.0-0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• HIGH7.8Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
  >= 32.0.0, < 36.0.7
• HIGH7.5Panic when allocating a table exceeding the size of the host's address space
  >= 30.0.0, < 36.0.8
• HIGH7.5Panic when allocating a table exceeding the size of the host's address space
  >= 30.0.0, < 36.0.8, >= 37.0.0, < 43.0.2, >= 44.0.0, < 44.0.1
• HIGH7.5Host panic when Winch compiler executes `table.fill`
  >= 0.0.0-0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• HIGH7.5Host panic when Winch compiler executes `table.fill`
  >= 25.0.0, < 36.0.7
• HIGH7.5Panic when lifting `flags` component value
  from 0, < 24.0.7
• HIGH7.5Panic when lifting `flags` component value
  >= 0.0.0-0, < 24.0.7, >= 25.0.0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• HIGH7.5Panic adding excessive fields to a `wasi:http/types.fields` instance
  from 0, < 24.0.6
• HIGH7.5Panic adding excessive fields to a `wasi:http/types.fields` instance
  >= 0.0.0-0, < 24.0.6, >= 25.0.0, < 36.0.6, >= 37.0.0, < 40.0.4, >= 41.0.0, < 41.0.4
• MEDIUM6.5Host data leakage with 64-bit tables and Winch
  >= 0.0.0-0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• MEDIUM6.5Host data leakage with 64-bit tables and Winch
  >= 25.0.0, < 36.0.7
• MEDIUM6.5Panic when transcoding misaligned component model UTF-16 strings
  from 0, < 24.0.7
• MEDIUM6.5Panic when transcoding misaligned component model UTF-16 strings
  >= 0.0.0-0, < 24.0.7, >= 25.0.0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• MEDIUM6.5Guest-controlled resource exhaustion in WASI implementations
  from 0, < 24.0.6
• MEDIUM6.5Guest-controlled resource exhaustion in WASI implementations
  >= 0.0.0-0, < 24.0.6, >= 25.0.0, < 36.0.6, >= 37.0.0, < 40.0.4, >= 41.0.0, < 41.0.4
• MEDIUM6.4Use After Free with `externref`s in Wasmtime
  >= 0.37.0, < 0.38.2
• MEDIUM6.4Use After Free with `externref`s in Wasmtime
  >= 0.0.0-0, < 0.38.2
• MEDIUM6.3Data leakage between pooling allocator instances
  >= 0.0.0-0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• MEDIUM6.3Data leakage between pooling allocator instances
  >= 28.0.0, < 36.0.7
• MEDIUM6.3Multiple Vulnerabilities in Wasmtime
  >= 0.26.0, < 0.30.0
• MEDIUM6.3Multiple Vulnerabilities in Wasmtime
  from 0, < 0.30.0
• MEDIUM6.3Multiple Vulnerabilities in Wasmtime
  from 0, < 0.30.0
• MEDIUM6.3Multiple Vulnerabilities in Wasmtime
  >= 0.0.0-0, < 0.30.0
• MEDIUM5.9Out of bounds read/write with zero-memory-pages configuration
  >= 0.0.0-0, < 1.0.2, >= 2.0.0, < 2.0.2
• MEDIUM5.9Out of bounds read/write with zero-memory-pages configuration
  >= 0.0.0-0, < 1.0.2, >= 2.0.0, < 2.0.2
• MEDIUM5.9Out of bounds read/write with zero-memory-pages configuration
  >= 2.0.0, < 2.0.2
• MEDIUM5.9Miscompilation of constant values in division on AArch64
  >= 0.0.0-0, < 0.33.1, >= 0.34.0, < 0.34.1
• MEDIUM5.9Miscompilation of constant values in division on AArch64
  from 0, < 0.38.2
• MEDIUM5.9Miscompilation of constant values in division on AArch64
  >= 0.34.0, < 0.34.1
• MEDIUM5.9Miscompilation of constant values in division on AArch64
  >= 0.0.0-0, < 0.38.2
• MEDIUM5.7Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64
  from 0, < 24.0.7
• MEDIUM5.7Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64
  >= 0.0.0-0, < 24.0.7, >= 25.0.0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• MEDIUM5.5Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64
  >= 29.0.0, < 36.0.5, >= 37.0.0, < 40.0.3, >= 41.0.0, < 41.0.1
• MEDIUM5.5Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64
  >= 29.0.0, < 36.0.5
• MEDIUM5.5Runtime crash when combining tail calls with stack traces
  >= 21.0.0, < 21.0.2, >= 22.0.0, < 22.0.1, >= 23.0.0, < 23.0.3, >= 24.0.0, < 24.0.1, >= 25.0.0, < 25.0.2
• MEDIUM5.5Runtime crash when combining tail calls with stack traces
  >= 12.0.0, < 21.0.2
• MEDIUM5.4Out-of-bounds write or crash when transcoding component model strings
  >= 0.0.0-0, < 24.0.7, >= 25.0.0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• MEDIUM5.4Out-of-bounds write or crash when transcoding component model strings
  from 0, < 24.0.7
• MEDIUM5.0Use-after-free bug after cloning `wasmtime::Linker`
  >= 43.0.0, < 43.0.1
• MEDIUM5.0Use-after-free bug after cloning `wasmtime::Linker`
  >= 43.0.0, < 43.0.1
• MEDIUM4.8Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
  >= 0.0.0-0, < 0.38.1
• MEDIUM4.8Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
  from 0, < 0.38.1
• LOW3.9Undefined Behavior in Rust runtime functions
  >= 0.0.0-0, < 6.0.2, >= 7.0.0, < 7.0.1, >= 8.0.0, < 8.0.1
• LOW3.9Undefined Behavior in Rust runtime functions
  from 0, < 6.0.2
• LOW3.8Out of bounds write in `wasmtime_trap_code` C API function
  >= 0.0.0-0, < 1.0.2, >= 2.0.0, < 2.0.2
• LOW3.8Out of bounds write in `wasmtime_trap_code` C API function
  >= 2.0.0, < 2.0.2
• LOW3.5Host panic with `fd_renumber` WASIp1 function
  >= 10.0.0, < 24.0.4, >= 25.0.0, < 33.0.2, >= 34.0.0, < 34.0.2
• LOW3.5Host panic with `fd_renumber` WASIp1 function
  >= 10.0.0, < 24.0.4
• LOW3.3Panic when using a dropped extenref-typed element segment
  >= 19.0.0, < 19.0.1
• LOW3.3Panic when using a dropped extenref-typed element segment
  >= 19.0.0, < 19.0.1
• LOW3.1Miscompilation of `i8x16.select` with the same inputs on x86\_64
  >= 1.0.0, < 4.0.1
• LOW3.1Miscompilation of `i8x16.select` with the same inputs on x86\_64
  >= 0.0.0-0, < 4.0.1, >= 5.0.0, < 5.0.1, >= 6.0.0, < 6.0.1
• LOW2.9Race condition could lead to WebAssembly control-flow integrity and type safety violations
  >= 19.0.0, < 21.0.2
• LOW2.9Race condition could lead to WebAssembly control-flow integrity and type safety violations
  >= 19.0.0, < 21.0.2, >= 22.0.0, < 22.0.1, >= 23.0.0, < 23.0.3, >= 24.0.0, < 24.0.1, >= 25.0.0, < 25.0.2
• LOW2.2Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86\_64
  >= 10.0.0, < 10.0.2
• LOW2.2Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86\_64
  >= 0.0.0-0, < 10.0.2, >= 11.0.0, < 11.0.2, >= 12.0.0, < 12.0.2
• LOW1.8Unsound API access to a WebAssembly shared linear memory
  >= 0.0.0-0, < 24.0.5, >= 25.0.0, < 36.0.3, >= 37.0.0, < 37.0.3, >= 38.0.0, < 38.0.4
• LOW1.8Unsound API access to a WebAssembly shared linear memory
  >= 38.0.0, < 38.0.4
• —Improperly masked return value from `table.grow` with Winch compiler backend
  >= 0.0.0-0, < 36.0.7, >= 37.0.0, < 42.0.2, >= 43.0.0, < 43.0.1
• —Improperly masked return value from `table.grow` with Winch compiler backend
  >= 25.0.0, < 36.0.7
• —Panic when dropping a `[Typed]Func::call_async` future
  >= 39.0.0, < 40.0.4, >= 41.0.0, < 41.0.4
• —Panic when dropping a `[Typed]Func::call_async` future
  >= 39.0.0, < 40.0.4
• —Possible host crash with host-to-wasm component intrinsics
  >= 38.0.0, < 38.0.3
• —Possible host crash with host-to-wasm component intrinsics
  >= 38.0.0, < 38.0.3