CVE-2024-30266

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-30266

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30266.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-30266

Aliases

GHSA-75hq-h6g9-h4q5

Related

CGA-xw5g-w9hf-p8j6

Published

2024-04-04T16:15:09Z

Modified

2024-05-14T13:11:25.701287Z

Summary

[none]

Details

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.

References

Affected packages

Git / github.com/bytecodealliance/wasmtime

Affected ranges

Type: GIT
Repo: https://github.com/bytecodealliance/wasmtime
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7f57d0bb0948fa56cc950278d0db230ed10e8664

Affected versions

cranelift-v0.*

cranelift-v0.60.0

cranelift-v0.61.0

cranelift-v0.69.0

filecheck-v0.*

filecheck-v0.0.1

v0.*

v0.12.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.29.0

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0