crates.io package
cranelift-codegen
pkg:cargo/cranelift-codegen
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26489 | — | >= 0.84.0, < 0.91.1 | 0.91.1 | Mar 8, 2023 | wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective add | ||
| CVE-2023-27477 | — | >= 0.88.0, < 0.91.1 | 0.91.1 | Mar 8, 2023 | wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of | ||
| CVE-2022-31169 | — | < 0.85.2 | 0.85.2 | Jul 21, 2022 | Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. | ||
| CVE-2022-31146 | — | >= 0.84.0, < 0.85.2 | 0.85.2 | Jul 20, 2022 | Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC | ||
| CVE-2022-31104 | — | < 0.85.1 | 0.85.1 | Jun 27, 2022 | Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is no | ||
| CVE-2021-32629 | — | < 0.73.1 | 0.73.1 | May 24, 2021 | Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential |
- CVE-2023-26489Mar 8, 2023affected >= 0.84.0, < 0.91.1fixed 0.91.1
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective add
- CVE-2023-27477Mar 8, 2023affected >= 0.88.0, < 0.91.1fixed 0.91.1
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of
- CVE-2022-31169Jul 21, 2022affected < 0.85.2fixed 0.85.2
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2.
- CVE-2022-31146Jul 20, 2022affected >= 0.84.0, < 0.85.2fixed 0.85.2
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC
- CVE-2022-31104Jun 27, 2022affected < 0.85.1fixed 0.85.1
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is no
- CVE-2021-32629May 24, 2021affected < 0.73.1fixed 0.73.1
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential