CVE-2024-30266

low-risk
Published 2024-04-04

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Bytecodealliance

References (10)

Patch https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db...
Exploit https://github.com/bytecodealliance/wasmtime/issues/8281
Patch https://github.com/bytecodealliance/wasmtime/pull/8018
Patch https://github.com/bytecodealliance/wasmtime/pull/8283
Mitigation https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-...
Patch https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db...
Exploit https://github.com/bytecodealliance/wasmtime/issues/8281
Patch https://github.com/bytecodealliance/wasmtime/pull/8018
Patch https://github.com/bytecodealliance/wasmtime/pull/8283
Mitigation https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-...
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal