History ⋅ Edit RUSTSEC-2021-0110 Multiple Vulnerabilities in Wasmtime Reported September 17, 2021 Issued September 17, 2021 (last modified: October 19, 2021) Package wasmtime (crates.io) Type Vulnerability Categories memory-corruption memory-exposure Keywords #use-after-free #out-of-bounds-read #out-of-bounds-write #Wasm #garbage-collection Aliases CVE-2021-39216 CVE-2021-39219 CVE-2021-39218 CVSS Score 6.3 MEDIUM CVSS Details Attack vectorLocal Attack complexityHigh Privileges requiredLow User interactionNone ScopeUnchanged ConfidentialityNone IntegrityHigh AvailabilityHigh CVSS Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H Patched >=0.30.0 Affected Functions Version wasmtime::Linker::func_new <0.30.0 wasmtime::Linker::func_wrap <0.30.0 wasmtime::Store::gc <0.30.0 Description Use after free passing externrefs to Wasm in Wasmtime Out-of-bounds read/write and invalid free with externrefs and GC safepoints in Wasmtime Wrong type for Linker-define functions when used across two Engines