Wasmtime 资源管理错误漏洞

漏洞信息详情

Wasmtime是一个字节码联盟项目，它是一个独立的仅用于 WebAssembly 和 WASI 的 wasm 优化运行时。

Wasmtime 存在资源管理错误漏洞，该漏洞源于将多个 externref 从主机传递给访客 Wasm content 时，存在释放后使用错误。

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/Z2Z33FTXFQ6EOINVEQIP4DFBG53G5XIY/

来源:CONFIRM

链接:https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf

来源:MISC

链接:https://crates.io/crates/wasmtime

来源:MISC

链接:https://github.com/bytecodealliance/wasmtime/commit/101998733b74624cbd348a2366d05760b40181f3

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/WAVBRYDDUIY2ZR3K3FO4BVYJKIMJ5TP7/

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2021-39216

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Wasmtime-three-vulnerabilities-36563

暂无