CNNVD-202510-900 Information
CNNVD ID
CNNVD-202510-900
Related CVE
- CNNVD Published: 2025-10-07
Description (Chinese)
wasmtime是Bytecode Alliance开源的一个轻量级WebAssembly运行时。 Wasmtime 37.0.0版本和37.0.1版本存在安全漏洞,该漏洞源于C/C++ API中anyref或externref值的内存管理缺陷,可能导致内存泄漏。
Description (English)
Wasmtime is a lightweight WebAssembly run by Bytecode Alliance. There is a security loophole in the Wasmtime 37.0.0 and 37.0.1 versions, which stems from memory management deficiencies in the anyref or externref values in the C/C++ API, which may result in memory leakage.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Bytecode Alliance
Published
2025-10-07
Last Modified
2026-02-24
References
https://github.com/bytecodealliance/wasmtime/commit/adff9d9d0f09569203709d5687e5a7dc8e1ad0a3 https://github.com/bytecodealliance/wasmtime/releases/tag/v37.0.2 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vvp9-h8p2-xwfc
Patch
https://github.com/bytecodealliance/wasmtime/releases
Share on: