VYPR

apk package

wolfi/libwasmtime

pkg:apk/wolfi/libwasmtime

Vulnerabilities (8)

  • CVE-2026-25541Feb 4, 2026
    affected < 41.0.2-r1fixed 41.0.2-r1

    Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if the condition "v_capacity >= new_cap + offset" uses an unchecked addition. Whe

  • CVE-2025-58160LowAug 29, 2025
    affected < 36.0.2-r1fixed 36.0.2-r1

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i

  • CVE-2024-12224May 30, 2025
    affected < 28.0.0-r0fixed 28.0.0-r0

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

  • CVE-2025-4432MedMay 9, 2025
    affected < 30.0.2-r1fixed 30.0.2-r1

    A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets

  • CVE-2024-51756LowNov 5, 2024
    affected < 26.0.1-r0fixed 26.0.1-r0

    The cap-std project is organized around the eponymous `cap-std` crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", a

  • CVE-2024-51745Nov 5, 2024
    affected < 26.0.1-r0fixed 26.0.1-r0

    Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use su

  • CVE-2023-26489Mar 8, 2023
    affected < 6.0.1-r0fixed 6.0.1-r0

    wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective add

  • CVE-2023-27477Mar 8, 2023
    affected < 6.0.1-r0fixed 6.0.1-r0

    wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of