Skip to content

wasmtime_trap_code C API function has out of bounds write vulnerability

Low severity GitHub Reviewed Published Nov 10, 2022 in bytecodealliance/wasmtime • Updated Feb 1, 2024

Package

cargo wasmtime (Rust)

Affected versions

>= 2.0.0, < 2.0.2
< 1.0.2

Patched versions

2.0.2
1.0.2

Description

Impact

There is a bug in Wasmtime's C API implementation where the definition of the wasmtime_trap_code does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller.

Patches

This bug has been patched and users should upgrade to Wasmtime 2.0.2.

Workarounds

This can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling wasmtime_trap_code. Users of the wasmtime crate are not affected by this issue, only users of the C API function wasmtime_trap_code are affected.

References

For more information

If you have any questions or comments about this advisory:

References

@alexcrichton alexcrichton published to bytecodealliance/wasmtime Nov 10, 2022
Published by the National Vulnerability Database Nov 10, 2022
Published to the GitHub Advisory Database Feb 1, 2024
Reviewed Feb 1, 2024
Last updated Feb 1, 2024

Severity

Low
3.8
/ 10

CVSS base metrics

Attack vector
Local
Attack complexity
High
Privileges required
High
User interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Weaknesses

CVE ID

CVE-2022-39394

GHSA ID

GHSA-h84q-m8rr-3v9q

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.