pkg:Debian/rust-wasmtime

23 total CVEsCRITICAL2HIGH6MEDIUM9LOW5

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2024-51745Wasmtime doesn't fully sandbox all the Windows device filenames
    from 0, < 26.0.1+dfsg-1
  • CRITICAL9.9CVE-2026-34987Wasmtime with Winch compiler backend may allow a sandbox-escaping memory access
    from 0
  • HIGH8.1CVE-2026-34941Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding
    from 0
  • HIGH7.8CVE-2026-34971Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
    from 0
  • HIGH7.5CVE-2026-44216Panic when allocating a table exceeding the size of the host's address space
    from 0
  • HIGH7.5CVE-2026-34946Wasmtime has host panic when Winch compiler executes `table.fill`
    from 0
  • HIGH7.5CVE-2026-34943Wasmtime has a possible panic when lifting `flags` component value
    from 0
  • HIGH7.5CVE-2026-27572Panic adding excessive fields to a `wasi:http/types.fields` instance
    from 0
  • MEDIUM6.5CVE-2026-34945Wasmtime has host data leakage with 64-bit tables and Winch
    from 0
  • MEDIUM6.5CVE-2026-34942Wasmtime: Panic when transcoding misaligned utf-16 strings
    from 0
  • MEDIUM6.5CVE-2026-27204Guest-controlled resource exhaustion in WASI implementations
    from 0
  • MEDIUM6.3CVE-2026-34988Data leakage between pooling allocator instances
    from 0
  • MEDIUM5.7CVE-2026-34944Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64
    from 0
  • MEDIUM5.5CVE-2026-24116Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64
    from 0, < 36.0.5+dfsg-1
  • MEDIUM5.5CVE-2024-47763Runtime crash when combining tail calls with stack traces
    from 0, < 21.0.2+dfsg-1
  • MEDIUM5.4CVE-2026-35195Out-of-bounds write or crash when transcoding component model strings
    from 0
  • MEDIUM5.0CVE-2026-34983Use-after-free bug after cloning `wasmtime::Linker`
    from 0
  • LOW3.5CVE-2025-53901Host panic with `fd_renumber` WASIp1 function
    from 0
  • LOW3.3CVE-2024-30266Panic when using a dropped extenref-typed element segment
    from 0, < 21.0.2+dfsg-1
  • LOW2.9CVE-2024-47813Race condition could lead to WebAssembly control-flow integrity and type safety violations
    from 0, < 21.0.2+dfsg-1
  • LOW2.2CVE-2023-41880Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86\_64
    from 0, < 15.0.0+dfsg-1
  • LOW1.8CVE-2025-64345Unsound API access to a WebAssembly shared linear memory
    from 0
  • CVE-2026-35186Improperly masked return value from `table.grow` with Winch compiler backend
    from 0