CNNVD-202511-1320 Information
CNNVD ID
CNNVD-202511-1320
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
wasmtime是Bytecode Alliance开源的一个轻量级WebAssembly运行时。 wasmtime 38.0.4之前版本、37.0.3之前版本、36.0.3之前版本和24.0.5之前版本存在竞争条件问题漏洞,该漏洞源于共享线性内存存在数据竞争风险。
Description (English)
Wasmtime is a lightweight WebAssembly run by Bytecode Alliance. There is a gap in the conditions of competition between pre-version 38.0.4, pre-version 37.0.3, pre-version 36.0.3 and pre-version 24.0.5, which stems from the risk of data competition in shared linear memory.
Hazard Level
High
Vulnerability Type
竞争条件问题
Affected Vendor
Bytecode Alliance
Published
2025-11-12
Last Modified
2026-02-24
References
https://docs.rs/wasmtime/latest/wasmtime/struct.Memory.html#method.new https://docs.rs/wasmtime/latest/wasmtime/struct.SharedMemory.html#method.new https://docs.wasmtime.dev/stability-release.html https://github.com/bytecodealliance/wasmtime/commit/9ebb6934f00d58b92fb68ed0e0b16c0ae828ca10 https://github.com/bytecodealliance/wasmtime/releases/tag/v38.0.4 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hc7m-r6v8-hg9q
Patch
https://github.com/bytecodealliance/wasmtime/releases
Share on: