RUSTSEC-2024-0438

Wasmtime doesn't fully sandbox all the Windows device filenames

Reported

November 2, 2024

Issued

May 2, 2025

Package

wasmtime (crates.io)

Type

Vulnerability

Aliases

CVE-2024-51745
GHSA-c2f5-jxjv-2hh8

References

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8

Patched

>=24.0.2, <25.0.0
>=25.0.3, <26.0.0
>=26.0.1

Description

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8. For more information see the GitHub-hosted security advisory.

Advisory available under CC0-1.0 license.