Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64
Vulnerability Description
Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but unless there is another bug in Cranelift this data is not visible to WebAssembly guests. Wasmtime 36.0.5, 40.0.3, and 41.0.1 have been released to fix this issue. Users are recommended to upgrade to the patched versions of Wasmtime. Other affected versions are not patched and users should updated to supported major version instead. This bug can be worked around by enabling signals-based-traps. While disabling guard pages can be a quick fix in some situations, it's not recommended to disabled guard pages as it is a key defense-in-depth measure of Wasmtime.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
wasmtime 缓冲区错误漏洞
Vulnerability Description
wasmtime是Bytecode Alliance开源的一个轻量级WebAssembly运行时。 wasmtime 29.0.0至36.0.5之前版本、40.0.3之前版本和41.0.1之前版本存在缓冲区错误漏洞,该漏洞源于在具有AVX的x86-64平台上,Cranelift对f64.copysign WebAssembly指令的编译可能加载多余字节,可能导致未捕获的分段违规或加载沙箱外数据。
CVSS Information
N/A
Vulnerability Type
N/A