Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
wasmtime_trap_code C API function has out of bounds write vulnerability
Vulnerability Description
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
跨界内存写
Vulnerability Title
Wasmtime 缓冲区错误漏洞
Vulnerability Description
Wasmtime是一个字节码联盟项目,它是一个独立的仅用于 WebAssembly 和 WASI 的 wasm 优化运行时。 Wasmtime 2.0.2之前的版本存在缓冲区错误漏洞,该漏洞源于其wasmtime_trap_code C API函数存在越界写入。
CVSS Information
N/A
Vulnerability Type
N/A