VYPR

PyPI package

wasmtime

pkg:pypi/wasmtime

Vulnerabilities (4)

  • CVE-2021-39218Sep 17, 2021
    affected >= 0.26.0, < 0.30.0fixed 0.30.0

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmt

  • CVE-2021-39219Sep 17, 2021
    affected < 0.30.0fixed 0.30.0

    Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use

  • CVE-2021-39216Sep 17, 2021
    affected < 0.30.0fixed 0.30.0

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s

  • CVE-2021-32629May 24, 2021
    affected < 0.27.0fixed 0.27.0

    Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential