CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39394

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller. This bug has been patched and users should upgrade to Wasmtime 2.0.2. This bug can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.5%

CVSS Severity

CVSS v3 Score 3.8

References

Products affected by CVE-2022-39394

Bytecodealliance » Wasmtime » Version: 0.10.0

cpe:2.3:a:bytecodealliance:wasmtime:0.10.0
Bytecodealliance » Wasmtime » Version: 0.11.0

cpe:2.3:a:bytecodealliance:wasmtime:0.11.0
Bytecodealliance » Wasmtime » Version: 0.12.0

cpe:2.3:a:bytecodealliance:wasmtime:0.12.0
Bytecodealliance » Wasmtime » Version: 0.15.0

cpe:2.3:a:bytecodealliance:wasmtime:0.15.0
Bytecodealliance » Wasmtime » Version: 0.16.0

cpe:2.3:a:bytecodealliance:wasmtime:0.16.0
Bytecodealliance » Wasmtime » Version: 0.17.0

cpe:2.3:a:bytecodealliance:wasmtime:0.17.0
Bytecodealliance » Wasmtime » Version: 0.18.0

cpe:2.3:a:bytecodealliance:wasmtime:0.18.0
Bytecodealliance » Wasmtime » Version: 0.19.0

cpe:2.3:a:bytecodealliance:wasmtime:0.19.0
Bytecodealliance » Wasmtime » Version: 0.2.0

cpe:2.3:a:bytecodealliance:wasmtime:0.2.0
Bytecodealliance » Wasmtime » Version: 0.20.0

cpe:2.3:a:bytecodealliance:wasmtime:0.20.0
Bytecodealliance » Wasmtime » Version: 0.21.0

cpe:2.3:a:bytecodealliance:wasmtime:0.21.0
Bytecodealliance » Wasmtime » Version: 0.22.0

cpe:2.3:a:bytecodealliance:wasmtime:0.22.0
Bytecodealliance » Wasmtime » Version: 0.22.1

cpe:2.3:a:bytecodealliance:wasmtime:0.22.1
Bytecodealliance » Wasmtime » Version: 0.23.0

cpe:2.3:a:bytecodealliance:wasmtime:0.23.0
Bytecodealliance » Wasmtime » Version: 0.24.0

cpe:2.3:a:bytecodealliance:wasmtime:0.24.0
Bytecodealliance » Wasmtime » Version: 0.25.0

cpe:2.3:a:bytecodealliance:wasmtime:0.25.0
Bytecodealliance » Wasmtime » Version: 0.26.0

cpe:2.3:a:bytecodealliance:wasmtime:0.26.0
Bytecodealliance » Wasmtime » Version: 0.26.1

cpe:2.3:a:bytecodealliance:wasmtime:0.26.1
Bytecodealliance » Wasmtime » Version: 0.27.0

cpe:2.3:a:bytecodealliance:wasmtime:0.27.0
Bytecodealliance » Wasmtime » Version: 0.28.0

cpe:2.3:a:bytecodealliance:wasmtime:0.28.0
Bytecodealliance » Wasmtime » Version: 0.29.0

cpe:2.3:a:bytecodealliance:wasmtime:0.29.0
Bytecodealliance » Wasmtime » Version: 0.3.0

cpe:2.3:a:bytecodealliance:wasmtime:0.3.0
Bytecodealliance » Wasmtime » Version: 0.30.0

cpe:2.3:a:bytecodealliance:wasmtime:0.30.0
Bytecodealliance » Wasmtime » Version: 0.31.0

cpe:2.3:a:bytecodealliance:wasmtime:0.31.0
Bytecodealliance » Wasmtime » Version: 0.32.0

cpe:2.3:a:bytecodealliance:wasmtime:0.32.0
Bytecodealliance » Wasmtime » Version: 0.32.1

cpe:2.3:a:bytecodealliance:wasmtime:0.32.1
Bytecodealliance » Wasmtime » Version: 0.33.0

cpe:2.3:a:bytecodealliance:wasmtime:0.33.0
Bytecodealliance » Wasmtime » Version: 0.33.1

cpe:2.3:a:bytecodealliance:wasmtime:0.33.1
Bytecodealliance » Wasmtime » Version: 0.34.0

cpe:2.3:a:bytecodealliance:wasmtime:0.34.0
Bytecodealliance » Wasmtime » Version: 0.34.1

cpe:2.3:a:bytecodealliance:wasmtime:0.34.1
Bytecodealliance » Wasmtime » Version: 0.34.2

cpe:2.3:a:bytecodealliance:wasmtime:0.34.2
Bytecodealliance » Wasmtime » Version: 0.35.0

cpe:2.3:a:bytecodealliance:wasmtime:0.35.0
Bytecodealliance » Wasmtime » Version: 0.35.1

cpe:2.3:a:bytecodealliance:wasmtime:0.35.1
Bytecodealliance » Wasmtime » Version: 0.35.2

cpe:2.3:a:bytecodealliance:wasmtime:0.35.2
Bytecodealliance » Wasmtime » Version: 0.36.0

cpe:2.3:a:bytecodealliance:wasmtime:0.36.0
Bytecodealliance » Wasmtime » Version: 0.37.0

cpe:2.3:a:bytecodealliance:wasmtime:0.37.0
Bytecodealliance » Wasmtime » Version: 0.38.0

cpe:2.3:a:bytecodealliance:wasmtime:0.38.0
Bytecodealliance » Wasmtime » Version: 0.38.1

cpe:2.3:a:bytecodealliance:wasmtime:0.38.1
Bytecodealliance » Wasmtime » Version: 0.38.2

cpe:2.3:a:bytecodealliance:wasmtime:0.38.2
Bytecodealliance » Wasmtime » Version: 0.38.3

cpe:2.3:a:bytecodealliance:wasmtime:0.38.3
Bytecodealliance » Wasmtime » Version: 0.39.0

cpe:2.3:a:bytecodealliance:wasmtime:0.39.0
Bytecodealliance » Wasmtime » Version: 0.39.1

cpe:2.3:a:bytecodealliance:wasmtime:0.39.1
Bytecodealliance » Wasmtime » Version: 0.4.0

cpe:2.3:a:bytecodealliance:wasmtime:0.4.0
Bytecodealliance » Wasmtime » Version: 0.40.0

cpe:2.3:a:bytecodealliance:wasmtime:0.40.0
Bytecodealliance » Wasmtime » Version: 0.40.1

cpe:2.3:a:bytecodealliance:wasmtime:0.40.1
Bytecodealliance » Wasmtime » Version: 0.6.0

cpe:2.3:a:bytecodealliance:wasmtime:0.6.0
Bytecodealliance » Wasmtime » Version: 0.8.0

cpe:2.3:a:bytecodealliance:wasmtime:0.8.0
Bytecodealliance » Wasmtime » Version: 0.9.0

cpe:2.3:a:bytecodealliance:wasmtime:0.9.0
Bytecodealliance » Wasmtime » Version: 1.0.0

cpe:2.3:a:bytecodealliance:wasmtime:1.0.0
Bytecodealliance » Wasmtime » Version: 1.0.1

cpe:2.3:a:bytecodealliance:wasmtime:1.0.1
Bytecodealliance » Wasmtime » Version: 2.0.0

cpe:2.3:a:bytecodealliance:wasmtime:2.0.0
Bytecodealliance » Wasmtime » Version: 2.0.1

cpe:2.3:a:bytecodealliance:wasmtime:2.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39394

Products

Pricing

Contact Us