CNNVD-202510-3400 Information
CNNVD ID
CNNVD-202510-3400
Related CVE
- CNNVD Published: 2025-10-24
Description (Chinese)
wasmtime是Bytecode Alliance开源的一个轻量级WebAssembly运行时。 Wasmtime 38.0.0版本至38.0.3之前版本存在安全漏洞,该漏洞源于组件模型相关的主机到wasm跳板实现存在缺陷,可能导致段错误或断言失败。
Description (English)
Wasmtime is a lightweight WebAssembly run by Bytecode Alliance. There is a security loophole in the Wasmtime 38.0.0 to 38.0.3, which arises from defects in the relevant mainframe of the assembly model to the wasm springboard, which may lead to errors or failures in the assertion.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Bytecode Alliance
Published
2025-10-24
Last Modified
2026-02-24
References
https://github.com/bytecodealliance/wasmtime/commit/192f2fcdadfec9d0cf6b58548a85a7307450cbf5 https://github.com/bytecodealliance/wasmtime/pull/11592 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc
Patch
https://github.com/bytecodealliance/wasmtime/releases
Share on: