HistoryEdit

RUSTSEC-2022-0075

Bug in pooling instance allocator

Reported
Issued
Package
wasmtime (crates.io)
Type
Vulnerability
Categories
Keywords
#use-after-free #Wasm #garbage-collection
Aliases
Details
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf
Patched
  • >=1.0.2, <2.0.0
  • >=2.0.2

Description

bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance.

Mitigations are described here.