Vulnerability Information
Vulnerability Title
Use After Free in lucet
Vulnerability Description
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
Use After Free
Vulnerability Title
Lucet Resource Management Error Vulnerability
Vulnerability Description
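Lucet is an open-source, native WebAssembly compiler and runtime from the Bytecode Alliance, used to safely execute untrusted WebAssembly programs inside an application. Lucet has a resource management error vulnerability that stems from a use-after-free in Lucet's Instance object. An attacker can exploit this vulnerability to cause memory corruption, data races, or other related issues.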
CVSS Information
N/A
Vulnerability Type
N/A