Reported

March 31, 2022

Issued

March 31, 2022 (last modified: June 13, 2023)

Package

wasmtime (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• memory-exposure

Keywords

#use-after-free #Wasm #garbage-collection

Aliases

• CVE-2022-24791
• GHSA-gwc9-348x-qwv2

References

• https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2

Patched

• >=0.35.2
• >=0.34.2, <0.35.0

Unaffected

• <0.34.0

Affected Functions

Version

wasmtime::Config::epoch_interruption

• ^0.34.0
• ^0.34.1
• ^0.35.0
• ^0.35.1

Description

Use after free with externrefs and epoch interruption in Wasmtime

Advisory available under CC0-1.0 license.