Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wasmi's Linear Memory has a Critical Use After Free Vulnerability
Vulnerability Description
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To workaround this issue, consider limiting the maximum linear memory sizes where feasible.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
释放后使用
Vulnerability Title
Wasmi 资源管理错误漏洞
Vulnerability Description
Wasmi是Wasmi Labs开源的一个用于嵌入式系统的WebAssembly解释器。 Wasmi 0.41.0版本、0.41.1版本、0.42.0版本至0.47.1版本、0.50.0版本至0.51.2版本和1.0.0版本存在资源管理错误漏洞,该漏洞源于线性内存实现存在缺陷,可能导致释放后重用。
CVSS Information
N/A
Vulnerability Type
N/A