RUSTSEC-2023-0092

Undefined Behavior in Rust runtime functions

Reported

April 21, 2023

Issued

May 2, 2025

Package

wasmtime (crates.io)

Type

Vulnerability

Categories

memory-corruption

Aliases

CVE-2023-30624
GHSA-ch89-5g45-qwc7

References

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7

CVSS Score

3.9 LOW

CVSS Details

Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Patched

>=6.0.2, <7.0.0
>=7.0.1, <8.0.0
>=8.0.1

Description

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7. For more information see the GitHub-hosted security advisory.

Advisory available under CC0-1.0 license.