CVE-2021-39216

MEDIUM6.3EPSS 0.15%

Multiple Vulnerabilities in Wasmtime

發布日:2021/9/20修改日:2024/3/15

也稱為:GHSA-4873-36h9-wv49 GHSA-q879-9g95-56mx GHSA-v4cp-h94r-m7xfPYSEC-2021-320PYSEC-2021-321PYSEC-2021-322RUSTSEC-2021-0110

描述

* [Use after free passing `externref`s to Wasm in Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf) * [Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49) * [Wrong type for `Linker`-define functions when used across two `Engine`s](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx)

受影響套件(10)

crates.io/wasmtime>= 0.26.0, < 0.30.0
crates.io/wasmtimefrom 0, < 0.30.0
crates.io/wasmtimefrom 0, < 0.30.0
crates.io/wasmtime>= 0.0.0-0, < 0.30.0
PyPI/wasmtimefrom 0, < 398a73f0dd862dbe703212ebae8e34036a18c11c | from 0, < 0.30.0
PyPI/wasmtime>= 0.26.0, < 0.30.0
PyPI/wasmtimefrom 0, < b39f087414f27ae40c44449ed5d1154e03449bff | from 0, < 0.30.0
PyPI/wasmtimefrom 0, < 0.30.0
PyPI/wasmtimefrom 0, < 0.30.0
PyPI/wasmtimefrom 0, < 101998733b74624cbd348a2366d05760b40181f3 | from 0, < 0.30.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

描述

受影響套件(10)

CVSS 分數

參考連結(18)