CVE-2026-34988— wasmtime 缓冲区错误漏洞
可能的 ATT&CK 技术 1AI
T1530 · Data from Cloud Storage获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-34988 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Wasmtime leaks data between pooling allocator instances
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the virtual memory permissions for linear memory used the wrong predicate to determine if resetting was necessary, where the compilation process used a different predicate. This divergence meant that the pooling allocator incorrectly deduced at runtime that resetting virtual memory permissions was not necessary while compile-time determine that virtual memory could be relied upon. The pooling allocator must be in use, Config::memory_guard_size configuration option must be 0, Config::memory_reservation configuration must be less than 4GiB, and pooling allocator must be configured with max_memory_size the same as the memory_reservation value in order to exploit this vulnerability. If all of these conditions are applicable then when a linear memory is reused the VM permissions of the previous iteration are not reset. This means that the compiled code, which is assuming out-of-bounds loads will segfault, will not actually segfault and can read the previous contents of linear memory if it was previously mapped. This represents a data leakage vulnerability between guest WebAssembly instances which breaks WebAssembly's semantics and additionally breaks the sandbox that Wasmtime provides. Wasmtime is not vulnerable to this issue with its default settings, nor with the default settings of the pooling allocator, but embeddings are still allowed to configure these values to cause this vulnerability. This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
wasmtime 缓冲区错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
wasmtime是Bytecode Alliance开源的一个轻量级WebAssembly运行时。 Wasmtime 36.0.7之前版本、42.0.2之前版本和43.0.1之前版本存在缓冲区错误漏洞,该漏洞源于池化分配器在重置虚拟内存权限时使用了错误的谓词,可能导致访客WebAssembly实例之间的数据泄露。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| bytecodealliance | wasmtime | >= 28.0.0, < 36.0.7 | - |
二、漏洞 CVE-2026-34988 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-34988 的情报信息
请登录查看更多情报信息。
同批安全公告 · bytecodealliance · 2026-04-09 · 共 12 条
| CVE-2026-35195 | wasmtime 缓冲区错误漏洞 | |
| CVE-2026-35186 | wasmtime 安全漏洞 | |
| CVE-2026-34983 | wasmtime 资源管理错误漏洞 | |
| CVE-2026-34941 | wasmtime 缓冲区错误漏洞 | |
| CVE-2026-34942 | wasmtime 输入验证错误漏洞 | |
| CVE-2026-34971 | wasmtime 缓冲区错误漏洞 | |
| CVE-2026-34946 | wasmtime 安全漏洞 | |
| CVE-2026-34944 | wasmtime 安全漏洞 | |
| CVE-2026-34945 | wasmtime 安全漏洞 | |
| CVE-2026-34987 | wasmtime 缓冲区错误漏洞 | |
| CVE-2026-34943 | wasmtime 安全漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-34988
暂无评论