Vulnerability Information
Vulnerability Title
Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Vulnerability Description
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. The implementation in the `wasmtime-wasi-http` crate is backed by a data structure that panics when it reaches excessive capacity, and Wasmtime did not handle this condition gracefully. Panicking in a WASI implementation is a Denial of Service vector for embedders and is treated as a security vulnerability in Wasmtime. Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 patch this vulnerability and return a trap to the guest instead of panicking. There are no known workarounds at this time. Embedders are encouraged to update to a patched version of Wasmtime.
CVSS Information
N/A
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
wasmtime security vulnerability
Vulnerability Description
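wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Wasmtime versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 contain a security vulnerability. It stems from the wasi:http/types.fields resource implementation being prone to crashing when too many header fields are added, which may lead to a denial-of-service attack.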
CVSS Information
N/A
Vulnerability Type
N/A