Reported

May 21, 2021

Issued

May 22, 2021 (last modified: October 19, 2021)

Package

cranelift-codegen (crates.io)

Type

Vulnerability

Categories

• code-execution
• memory-corruption
• memory-exposure

Keywords

#miscompile #sandbox #wasm

Aliases

• CVE-2021-32629
• GHSA-hpqh-2wqx-7qp5

References

• https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5

CVSS Score

8.8 HIGH

CVSS Details

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Patched

• >=0.73.1

Affected Architectures

• x86

Description

There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73.0 should update to 0.73.1 or 0.74 if they were not using the old default backend.

More details can be found in the GitHub Security Advisory at:

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5

Advisory available under CC0-1.0 license.