- Reported
-
- Issued
-
- Package
-
wasmtime
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#use-after-free
#Wasm
#garbage-collection
- Aliases
-
- Details
-
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf
- Patched
-
Description
bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance.
Mitigations are described here.