cve-2024-47763
Vulnerability from cvelistv5
Published
2024-10-09 18:03
Modified
2024-10-09 19:50
Severity ?
EPSS score ?
Summary
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it's possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern "C"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google's OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x - patched in 21.0.2 * 22.0.x - patched in 22.0.1 * 23.0.x - patched in 23.0.3 * 24.0.x - patched in 24.0.1 * 25.0.x - patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bytecodealliance | wasmtime |
Version: >= 21.0.0, < 21.0.2 Version: >= 22.0.0, < 22.0.1 Version: >= 23.0.0, < 23.0.3 Version: >= 24.0.0, < 24.0.1 Version: >= 25.0.0, < 25.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:47:52.888662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:50:25.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wasmtime",
"vendor": "bytecodealliance",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.2"
},
{
"status": "affected",
"version": "\u003e= 22.0.0, \u003c 22.0.1"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.3"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.0.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wasmtime is an open source runtime for WebAssembly. Wasmtime\u0027s implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it\u0027s possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern \"C\"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google\u0027s OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x - patched in 21.0.2 * 22.0.x - patched in 22.0.1 * 23.0.x - patched in 23.0.3 * 24.0.x - patched in 24.0.1 * 25.0.x - patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:03:33.944Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/pull/8540",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/pull/8540"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/pull/8682",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/pull/8682"
},
{
"name": "https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call"
},
{
"name": "https://github.com/WebAssembly/proposals",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WebAssembly/proposals"
},
{
"name": "https://github.com/webassembly/tail-call",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/webassembly/tail-call"
}
],
"source": {
"advisory": "GHSA-q8hx-mm92-4wvg",
"discovery": "UNKNOWN"
},
"title": "Wasmtime runtime crash when combining tail calls with trapping imports"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47763",
"datePublished": "2024-10-09T18:03:33.944Z",
"dateReserved": "2024-09-30T21:28:53.231Z",
"dateUpdated": "2024-10-09T19:50:25.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47763\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-10-09T18:15:08.863\",\"lastModified\":\"2024-10-10T12:51:56.987\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Wasmtime is an open source runtime for WebAssembly. Wasmtime\u0027s implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it\u0027s possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern \\\"C\\\"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google\u0027s OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x - patched in 21.0.2 * 22.0.x - patched in 22.0.1 * 23.0.x - patched in 23.0.3 * 24.0.x - patched in 24.0.1 * 25.0.x - patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions.\"},{\"lang\":\"es\",\"value\":\"Wasmtime es un entorno de ejecuci\u00f3n de c\u00f3digo abierto para WebAssembly. La implementaci\u00f3n de Wasmtime de las llamadas finales de WebAssembly combinadas con los seguimientos de pila puede provocar un bloqueo del entorno de ejecuci\u00f3n en determinados m\u00f3dulos de WebAssembly. El bloqueo del entorno de ejecuci\u00f3n puede ser un comportamiento indefinido si Wasmtime se compil\u00f3 con Rust 1.80 o una versi\u00f3n anterior. El bloqueo del entorno de ejecuci\u00f3n es una interrupci\u00f3n determinista del proceso cuando Wasmtime se compila con Rust 1.81 y versiones posteriores. Las llamadas finales de WebAssembly son una propuesta que hace relativamente poco tiempo lleg\u00f3 a la etapa 4 del proceso de estandarizaci\u00f3n. Wasmtime habilit\u00f3 por primera vez el soporte para llamadas finales de forma predeterminada en Wasmtime 21.0.0, aunque esa versi\u00f3n conten\u00eda un error en el que solo estaba activado de forma predeterminada para algunas configuraciones. En Wasmtime 22.0.0, las llamadas finales estaban habilitadas de forma predeterminada para todas las configuraciones. El fallo espec\u00edfico ocurre cuando una funci\u00f3n exportada en un m\u00f3dulo (o componente) WebAssembly realiza una `return_call` (o `return_call_indirect` o `return_call_ref`) a una funci\u00f3n host importada que captura un seguimiento de la pila (por ejemplo, la funci\u00f3n host genera una trampa). En esta situaci\u00f3n, el c\u00f3digo de recorrido de pila asum\u00eda anteriormente que siempre hab\u00eda al menos un framework WebAssembly en la pila, pero con las llamadas de cola eso ya no es cierto. Con la propuesta de llamada de cola es posible que aparezca un trampol\u00edn de entrada como si llamara directamente al trampol\u00edn de salida. Esta situaci\u00f3n activa una aserci\u00f3n interna en el c\u00f3digo de recorrido de pila que genera un `panic!()` de Rust. Cuando Wasmtime se compila con las versiones 1.80 y anteriores de Rust, esto significa que una funci\u00f3n `extern \\\"C\\\"` en Rust est\u00e1 generando un `panic!()`. Este es un comportamiento t\u00e9cnicamente indefinido y normalmente se manifiesta como un aborto del proceso cuando el desenrollador no puede desenrollar los frameworks generados por Cranelift. Cuando Wasmtime se compila con las versiones 1.81 y posteriores de Rust, este p\u00e1nico se convierte en un aborto determinista del proceso. En general, el impacto de este problema es que se trata de un vector de denegaci\u00f3n de servicio en el que un m\u00f3dulo o componente WebAssembly malintencionado puede provocar que el host se bloquee. No hay otro impacto en este momento que no sea la disponibilidad de un servicio, ya que el resultado del bloqueo es siempre un bloqueo y nada m\u00e1s. Este problema fue descubierto por un fuzzing de rutina realizado por el proyecto Wasmtime a trav\u00e9s de la infraestructura OSS-Fuzz de Google. No tenemos evidencia de que un atacante lo haya explotado alguna vez. Todas las versiones de Wasmtime que tienen llamadas de cola habilitadas de manera predeterminada han sido parcheadas: * 21.0.x - parcheado en 21.0.2 * 22.0.x - parcheado en 22.0.1 * 23.0.x - parcheado en 23.0.3 * 24.0.x - parcheado en 24.0.1 * 25.0.x - parcheado en 25.0.2. Las versiones de Wasmtime desde 12.0.x (la primera versi\u00f3n con soporte experimental para llamadas de cola) hasta 20.0.x (la \u00faltima versi\u00f3n con llamadas de cola desactivadas de manera predeterminada) tienen soporte para llamadas de cola, pero el soporte est\u00e1 deshabilitado de manera predeterminada. Estas versiones no se ven afectadas en sus configuraciones predeterminadas, pero los usuarios que habilitaron expl\u00edcitamente el soporte para llamadas de cola deber\u00e1n deshabilitar el soporte para llamadas de cola o actualizar a una versi\u00f3n parcheada de Wasmtime. La principal soluci\u00f3n alternativa para este problema es deshabilitar la compatibilidad con las llamadas de cola en Wasmtime, por ejemplo con `Config::wasm_tail_call(false)`. De lo contrario, se recomienda a los usuarios que actualicen a versiones parcheadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]}],\"references\":[{\"url\":\"https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/WebAssembly/proposals\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/bytecodealliance/wasmtime/pull/8540\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/bytecodealliance/wasmtime/pull/8682\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webassembly/tail-call\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47763\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T19:47:52.888662Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T19:48:04.151Z\"}}], \"cna\": {\"title\": \"Wasmtime runtime crash when combining tail calls with trapping imports\", \"source\": {\"advisory\": \"GHSA-q8hx-mm92-4wvg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"bytecodealliance\", \"product\": \"wasmtime\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 21.0.0, \u003c 21.0.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 22.0.0, \u003c 22.0.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 23.0.0, \u003c 23.0.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 24.0.0, \u003c 24.0.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 25.0.0, \u003c 25.0.2\"}]}], \"references\": [{\"url\": \"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg\", \"name\": \"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/bytecodealliance/wasmtime/pull/8540\", \"name\": \"https://github.com/bytecodealliance/wasmtime/pull/8540\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/bytecodealliance/wasmtime/pull/8682\", \"name\": \"https://github.com/bytecodealliance/wasmtime/pull/8682\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call\", \"name\": \"https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/WebAssembly/proposals\", \"name\": \"https://github.com/WebAssembly/proposals\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/webassembly/tail-call\", \"name\": \"https://github.com/webassembly/tail-call\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Wasmtime is an open source runtime for WebAssembly. Wasmtime\u0027s implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it\u0027s possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern \\\"C\\\"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google\u0027s OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x - patched in 21.0.2 * 22.0.x - patched in 22.0.1 * 23.0.x - patched in 23.0.3 * 24.0.x - patched in 24.0.1 * 25.0.x - patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-670\", \"description\": \"CWE-670: Always-Incorrect Control Flow Implementation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-10-09T18:03:33.944Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47763\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T19:50:25.886Z\", \"dateReserved\": \"2024-09-30T21:28:53.231Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-10-09T18:03:33.944Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.