VYPR

Vendor CVEs

Bytecodealliance

All CVEs

54 total · sorted by risk
  • CVE-2021-39218Sep 17, 2021
    risk 0.00cvss epss 0.00

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in…

  • CVE-2021-39219Sep 17, 2021
    risk 0.00cvss epss 0.00

    Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use…

  • CVE-2021-39216Sep 17, 2021
    risk 0.00cvss epss 0.00

    Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple…

  • CVE-2021-32629May 24, 2021
    risk 0.00cvss epss 0.00

    Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a…

Page 2 of 2