Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use After Free in Wasmtime
Vulnerability Description
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will mistakenly think these functions do not have live references to GC'd values, reclaiming them and deallocating them. The function will then subsequently continue to use the values assuming they had not been GC'd, leading later to a use-after-free. This bug was introduced in the migration to the `regalloc2` register allocator that occurred in the Wasmtime 0.37.0 release on 2022-05-20. This bug has been patched and users should upgrade to Wasmtime version 0.38.2. Mitigations for this issue can be achieved by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types` or downgrading to Wasmtime 0.36.0 or prior.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
释放后使用
Vulnerability Title
Wasmtime 资源管理错误漏洞
Vulnerability Description
Wasmtime是一个字节码联盟项目,它是一个独立的仅用于 WebAssembly 和 WASI 的 wasm 优化运行时。 Wasmtime 0.37.0版本的代码生成器Cranelift存在资源管理错误漏洞,该漏洞源于其开发者使用引用类型的函数可能错误地缺少运行时垃圾回收 (GC) 所需的元数据。这意味着,如果 GC 在运行时发生,则收集器会错误地认为某些 Wasm 堆栈帧没有对垃圾回收值的实时引用,因此会回收并解除分配它们。然后,该函数随后可以继续使用这些值,从而导致以后使用后释放的错误。
CVSS Information
N/A
Vulnerability Type
N/A