Wasmtime GHSA-q8hx-mm92-4wvg DoS via tail calls and stack traces

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Runtime crash when combining tail calls with stack traces - Publisher: alexcrichton - Vulnerability ID: GHSA-q8hx-mm92-4wvg - Release Date: 2 days ago 2. Affected Versions: - Affected Versions: 21.0.0, 21.0.1, 22.0.0, 23.0.0, 21.0.2, 22.0.1, 23.0.3, 24.0.1, 23.0.1, 23.0.2, 24.0.0, 25.0.0, 25.0.1 3. Fixed Versions: - Fixed Versions: 21.0.2, 22.0.1, 23.0.3, 24.0.1, 25.0.2 4. Vulnerability Severity: - Severity: Moderate (5.5/10) 5. Vulnerability Description: - Wasmtime’s WebAssembly tail call implementation, when combined with stack traces, can cause a runtime crash. In certain WebAssembly modules, this runtime crash may be undefined behavior if Wasmtime is compiled with Rust 1.80 or earlier. When Wasmtime is compiled with Rust 1.81 or later, this crash becomes a deterministic process crash. 6. Vulnerability Impact: - This is a denial-of-service vulnerability. Malicious WebAssembly modules or components can cause the host to crash. No other impacts exist beyond service availability, as the crash always results in service failure. 7. Discovery Method: - Discovered via regular fuzzing, performed by the Wasmtime project using Google’s OSS-Fuzz infrastructure. 8. Remediation: - All Wasmtime versions with tail calls enabled by default have been patched. 9. Workarounds: - The primary workaround is to disable tail call support in Wasmtime, for example, using . Users are encouraged to upgrade to patched versions. 10. Reference Links: - Tail calls in Wasmtime’s initial implementation - Enabling tail calls in 21.0.0 - Fully enabling tail calls in 22.0.0 - WebAssembly tail call proposal This information provides a detailed description of the vulnerability, its scope of impact, discovery method, remediation steps, and available workarounds.

Goal Reached Thanks to every supporter — we hit 100%!

Wasmtime GHSA-q8hx-mm92-4wvg DoS via tail calls and stack traces

More from this source