GHSA-3933-wvjf-pcvc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3933-wvjf-pcvc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-3933-wvjf-pcvc/GHSA-3933-wvjf-pcvc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3933-wvjf-pcvc
- Aliases
-
- CVE-2020-35859
- RUSTSEC-2020-0004
- Published
- 2021-08-25T20:46:16Z
- Modified
- 2023-11-08T04:03:35.973145Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- Out of bounds access in lucet-runtime-internals
- Details
-
An embedding using affected versions of lucet-runtime configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs. This can potentially cause data from the embedding host to leak to guest programs or cause corruption of guest program memory. This flaw was resolved by correcting the sigstack allocation logic.
- Database specific
{ "nvd_published_at": "2020-12-31T10:15:14Z", "cwe_ids": [ "CWE-125", "CWE-787" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:19:58Z" }- References
Affected packages
crates.io / lucet-runtime-internals
Package
- Name
- lucet-runtime-internals
- View open source insights on deps.dev
- Purl
- pkg:cargo/lucet-runtime-internals
crates.io / lucet-runtime-internals
Package
- Name
- lucet-runtime-internals
- View open source insights on deps.dev
- Purl
- pkg:cargo/lucet-runtime-internals