CVE-2024-30266
LOWwasmtime 19.0.0 - Type Confusion via WebAssembly Module Execution
Title source: llmDescription
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
References (5)
Core 5
Core References
Mitigation, Third Party Advisory x_refsource_confirm
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5
Exploit, Issue Tracking x_refsource_misc
https://github.com/bytecodealliance/wasmtime/issues/8281
Patch x_refsource_misc
https://github.com/bytecodealliance/wasmtime/pull/8018
Patch x_refsource_misc
https://github.com/bytecodealliance/wasmtime/pull/8283
Scores
CVSS v3
3.3
EPSS
0.0032
EPSS Percentile
23.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-843
Status
published
Products (2)
bytecodealliance/wasmtime
19.0.0
crates.io/wasmtime
19.0.0 - 19.0.1crates.io
Published
Apr 04, 2024
Tracked Since
Feb 18, 2026