CVE-2024-30266

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664
https://github.com/bytecodealliance/wasmtime/issues/8281
https://github.com/bytecodealliance/wasmtime/pull/8018
https://github.com/bytecodealliance/wasmtime/pull/8283
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-04 16:15

Updated : 2024-04-04 16:33

NVD link : CVE-2024-30266

Mitre link : CVE-2024-30266

CVE.ORG link : CVE-2024-30266

JSON object : View

Products Affected

No product.

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

{"id": "CVE-2024-30266", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-04-04T16:15:09.107", "references": [{"url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "source": "security-advisories@github.com"}, {"url": "https://github.com/bytecodealliance/wasmtime/issues/8281", "source": "security-advisories@github.com"}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8018", "source": "security-advisories@github.com"}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8283", "source": "security-advisories@github.com"}, {"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1."}, {"lang": "es", "value": "wasmtime es un tiempo de ejecuci\u00f3n para WebAssembly. La versi\u00f3n 19.0.0 de Wasmtime contiene una regresi\u00f3n introducida durante su desarrollo que puede provocar que un m\u00f3dulo WebAssembly invitado cause p\u00e1nico en el tiempo de ejecuci\u00f3n del host. Un m\u00f3dulo WebAssembly v\u00e1lido, cuando se ejecuta en tiempo de ejecuci\u00f3n, puede provocar este p\u00e1nico. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 19.0.1."}], "lastModified": "2024-04-04T16:33:06.610", "sourceIdentifier": "security-advisories@github.com"}