Low severity · NVD Advisory · Published Apr 4, 2024 · Updated Aug 2, 2024
Wasmtime vulnerable to panic when using a dropped externref-typed element segment
CVE-2024-30266
Description
Wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| wasmtime (crates.io) | >= 19.0.0, < 19.0.1 | 19.0.1 |
Affected products
- Range: = 19.0.0
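To check a build against the affected range listed above, the following added example (not part of the advisory or of the Wasmtime project) scans the text of a `Cargo.lock` for `wasmtime` entries with 19.0.0 <= version < 19.0.1. The function names and the sample lockfile are constructed for illustration, and pre-release or build suffixes are ignored as a simplifying assumption.

```rust
// Added example, not Wasmtime project code. Assumption: pre-release and build
// suffixes are ignored when comparing versions.
const SAMPLE_LOCK: &str = r#"
version = 3
[[package]]
name = "wasmtime"
version = "19.0.0"
[[package]]
name = "wasmtime-runtime"
version = "19.0.0"
[[package]]
name = "wasmtime"
version = "19.0.1"
"#; // constructed sample, not a real lockfile

/// Parse the numeric MAJOR.MINOR.PATCH core of a version string.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(triple) }
}

/// Extract the string from a `key = "value"` line, if it is one.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    rest.strip_prefix('"')?.strip_suffix('"')
}

/// Return every locked `wasmtime` version with 19.0.0 <= v < 19.0.1.
fn affected_wasmtime_versions(lockfile: &str) -> Vec<String> {
    let (lo, hi): ((u64, u64, u64), (u64, u64, u64)) = ((19, 0, 0), (19, 0, 1));
    let (mut hits, mut name) = (Vec::new(), "");
    for line in lockfile.lines().map(str::trim) {
        if let Some(n) = quoted_value(line, "name") {
            name = n; // Cargo.lock writes `name` before `version` in each block
        } else if let Some(v) = quoted_value(line, "version") {
            match parse_version(v) {
                Some(t) if name == "wasmtime" && t >= lo && t < hi => hits.push(v.to_string()),
                _ => {}
            }
        }
    }
    hits
}

fn main() {
    println!("affected wasmtime versions: {:?}", affected_wasmtime_versions(SAMPLE_LOCK));
}
```

Only the package name the advisory lists (`wasmtime`) is matched; the unquoted top-level `version = 3` line of a lockfile is skipped because it is not a quoted string.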
Patches
7f57d0bb0948 Fix a panic using tables with the wrong type (#8283)
2 files changed · +45 −1
crates/runtime/src/instance.rs+6 −1 modified@@ -801,7 +801,12 @@ impl Instance { // disconnected from the lifetime of `self`. let module = self.module().clone(); - let empty = TableSegmentElements::Functions(Box::new([])); + // NB: fall back to an expressions-based list of elements which doesn't + // have static type information (as opposed to `Functions`) since we + // don't know just yet what type the table has. The type will be be + // inferred in the next step within `table_init_segment`. + let empty = TableSegmentElements::Expressions(Box::new([])); + let elements = match module.passive_elements_map.get(&elem_index) { Some(index) if !self.dropped_elements.contains(elem_index) => { &module.passive_elements[*index]
tests/misc_testsuite/externref-table-dropped-segment-issue-8281.wast+39 −0 added@@ -0,0 +1,39 @@ +(module + (table $t 0 0 externref) + + (func (export "f1") + (i32.const 0) + (i32.const 0) + (i32.const 0) + (table.init $t $declared) + ) + + (func (export "f2") + (i32.const 0) + (i32.const 0) + (i32.const 0) + (table.init $t $passive) + + (elem.drop $passive) + + (i32.const 0) + (i32.const 0) + (i32.const 0) + (table.init $t $passive) + ) + + (func (export "f3") + (i32.const 0) + (i32.const 0) + (i32.const 0) + (table.init $t $active) + ) + + (elem $declared declare externref) + (elem $passive externref) + (elem $active (i32.const 0) externref) +) + +(assert_return (invoke "f1")) +(assert_return (invoke "f2")) +(assert_return (invoke "f3"))
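Review bot: In crates/runtime/src/instance.rs, the new comment above `let empty` contains a doubled word ("will be be inferred"), and it does not say why an empty `Expressions` list is an acceptable stand-in for any table type. Since the guard on the visible match arm means this fallback is reached both when the segment index is not in `passive_elements_map` and when it is in `dropped_elements`, consider stating both cases in the comment and fixing the typo, for example: "The type will be inferred in the next step within `table_init_segment`."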
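Review bot: The new tests/misc_testsuite/externref-table-dropped-segment-issue-8281.wast covers only an `externref` table, and every `table.init` in `f1`, `f2` and `f3` uses offset 0 and length 0 on a table declared as `0 0`. Because the fix switches the fallback from `Functions` to `Expressions` for every table, consider adding a funcref counterpart of `f2` (init, `elem.drop`, init again) so the same dropped-segment path is exercised for the table type that the previous `Functions` fallback matched.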
References
- github.com/advisories/GHSA-75hq-h6g9-h4q5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-30266 (ghsa, ADVISORY)
- github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664 (ghsa, x_refsource_MISC, WEB)
- github.com/bytecodealliance/wasmtime/issues/8281 (ghsa, x_refsource_MISC, WEB)
- github.com/bytecodealliance/wasmtime/pull/8018 (ghsa, x_refsource_MISC, WEB)
- github.com/bytecodealliance/wasmtime/pull/8283 (ghsa, x_refsource_MISC, WEB)
- github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5 (ghsa, x_refsource_CONFIRM, WEB)
- rustsec.org/advisories/RUSTSEC-2024-0441.html (ghsa, WEB)