Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Impact
There is a bug in Wasmtime's C API implementation where the definition of the wasmtime_trap_code does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller.
Patches
This bug has been patched and users should upgrade to Wasmtime 2.0.2.
Workarounds
This can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling wasmtime_trap_code. Users of the wasmtime crate are not affected by this issue, only users of the C API function wasmtime_trap_code are affected.
References
For more information
If you have any questions or comments about this advisory:
- Reach out to us on the Bytecode Alliance Zulip chat
- Open an issue in the bytecodealliance/wasmtime repository
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 3.8
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Identifiers: GHSA-h84q-m8rr-3v9q, CVE-2022-39394
References:
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q
- https://nvd.nist.gov/vuln/detail/CVE-2022-39394
- https://github.com/bytecodealliance/wasmtime/commit/087d9d7becf7422b3f872a3bcd5d97bb7ce7ff36
- https://github.com/bytecodealliance/wasmtime/commit/5b6d5e78de106503b3b9add218bb3d2b1d63c493
- https://groups.google.com/a/bytecodealliance.org/g/sec-announce/c/c1HBDDJwNPA
- https://github.com/advisories/GHSA-h84q-m8rr-3v9q
Blast Radius: 12.9
Affected Packages
cargo:wasmtime
Dependent packages: 126Dependent repositories: 2,459
Downloads: 7,003,038 total
Affected Version Ranges: < 1.0.2, >= 2.0.0, < 2.0.2
Fixed in: 1.0.2, 2.0.2
All affected versions: 0.0.0, 0.3.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.26.1, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.32.0, 0.32.1, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.35.1, 0.35.2, 0.35.3, 0.36.0, 0.37.0, 0.38.0, 0.38.1, 0.38.2, 0.38.3, 0.39.0, 0.39.1, 0.40.0, 0.40.1, 1.0.0, 1.0.1, 2.0.0, 2.0.1
All unaffected versions: 1.0.2, 2.0.2, 3.0.0, 3.0.1, 4.0.0, 4.0.1, 5.0.0, 5.0.1, 6.0.0, 6.0.1, 6.0.2, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 10.0.0, 10.0.1, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 12.0.0, 12.0.1, 12.0.2, 13.0.0, 13.0.1, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 15.0.0, 15.0.1, 16.0.0, 17.0.0, 17.0.1, 17.0.2, 17.0.3, 18.0.0, 18.0.1, 18.0.2, 18.0.3, 18.0.4, 19.0.0, 19.0.1, 19.0.2, 20.0.0