Reported

January 24, 2020

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

lucet-runtime-internals (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• memory-exposure

Aliases

• CVE-2020-35859
• GHSA-3933-wvjf-pcvc

References

• https://github.com/bytecodealliance/lucet/pull/401

CVSS Score

9.1 CRITICAL

CVSS Details

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Patched

• <0.5.0, >=0.4.3
• >=0.5.1

Description

An embedding using affected versions of lucet-runtime configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs. This can potentially cause data from the embedding host to leak to guest programs or cause corruption of guest program memory.

This flaw was resolved by correcting the sigstack allocation logic.

Advisory available under CC0-1.0 license.