RUSTSEC-2022-0102

Out of bounds read/write with zero-memory-pages configuration

Reported

November 5, 2022

Issued

May 2, 2025

Package

wasmtime (crates.io)

Type

Vulnerability

Aliases

CVE-2022-39392
GHSA-44mr-8vmm-wjhg

References

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg

CVSS Score

5.9 MEDIUM

CVSS Details

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Patched

>=1.0.2, <2.0.0
>=2.0.2

Description

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg. For more information see the GitHub-hosted security advisory.

Advisory available under CC0-1.0 license.