chore(deps): update rust crate wasmtime to v36 [security]#200
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update rust crate wasmtime to v36 [security]#200renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
renovate
Bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
7b1ed26 to
2e77907
Compare
renovate
Bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
2e77907 to
6e5633f
Compare
renovate
Bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
6e5633f to
fdaa0e0
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
2 times, most recently
from
fdaa0e0 to
c66370a
Compare
renovate
Bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
c66370a to
d85880c
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
2 times, most recently
from
d85880c to
ffc1091
Compare
renovate
Bot
force-pushed
the
renovate/crate-wasmtime-vulnerability
branch
from
ffc1091 to
7824c63
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
=33.0.2→=36.0.8Wasmtime provides unsound API access to a WebAssembly shared linear memory
CVE-2025-64345 / GHSA-hc7m-r6v8-hg9q
More information
Details
Impact
Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host (Rust) to the contents of the linear memory. This is not sound for shared linear memories, which could be modified in parallel, and this could lead to a data race in the host.
Wasmtime has a
wasmtime::Memorytype which represents linear memories in a WebAssembly module. Wasmtime also haswasmtime::SharedMemory, however, which represents shared linear memories introduced in the WebAssemblythreadsproposal. The API ofSharedMemorydoes not provide accessors which return&[u8]in Rust, for example, as that's not a sound type signature when other threads could be modifying memory. Thewasmtime::Memorytype, however, does provide this API as it's intended to be used with non-shared memories where static knowledge is available that no concurrent or parallel reads or writes are happening. This means that it's not sound to represent a shared linear memory withwasmtime::Memoryand it must instead be represented withwasmtime::SharedMemory.There were two different, erroneous, methods of creating a
wasmtime::Memorywhich represents a shared memory however:wasmtime::Memory::newconstructor takes aMemoryTypewhich could beshared. This function did not properly reject shared memory types and require usage ofSharedMemory::newinstead.wasmtime::Memory. This means that a core dump would perform an unsynchronized read of shared linear memory, possibly leading to data races.This is a bug in Wasmtime's safe Rust API. It should not be possible to cause unsoundness with Wasmtime's embedding API if
unsafeis not used. Embeddings which do not use the wasm threads proposal nor created shared memories nor actually share shared memories across threads are unaffected. Only if shared memories are created across threads might an embedding be affected.Patches
Patch releases have been issued for all supported versions of Wasmtime, notably: 24.0.5, 36.0.3, 37.0.3, and 38.0.4. These releases reject creation of shared memories via
Memory::newand shared memories are now excluded from core dumps.Workarounds
Embeddings affected by this issue should use
SharedMemory::newinstead ofMemory::newto create shared memories. Affected embeddings should also disable core dumps if they are unable to upgrade. Note that core dumps are disabled by default but the wasm threads proposal (and shared memory) is enabled by default. It's recommended to upgrade to a patched version of Wasmtime, however.Severity
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64
CVE-2026-24116 / GHSA-vc8c-j3xm-xj73
More information
Details
On x86-64 platforms with AVX Wasmtime's compilation of the
f64.copysignWebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but unless there is another bug in Cranelift this data is not visible to WebAssembly guests.Details
The
f64.copysignoperator, when operating on a value loaded from a memory (for example withf64.load), compiles with Cranelift to code on x86-64 with AVX that loads 128 bits (16 bytes) rather than the expected 64 bits (8 bytes) from memory. When the address is in-bounds for a (correct) 8-byte load but not an (incorrect) 16-byte load, this can load beyond memory by up to 8 bytes. This can result in three different behaviors depending on Wasmtime's configuration:Wasmtime's default configuration is case (2) in this case. That means that Wasmtime, by default, incorrectly executes this WebAssembly instruction but does not have insecure behavior.
Impact
If signals-based-traps are disabled and guard pages are enabled then guests can trigger an uncaught segfault in the host, likely aborting the host process. This represents, for example, a DoS vector for WebAssembly guests.
This bug does not affect Wasmtime's default configuration and requires signals-based-traps to be disabled. This bug only affects the x86-64 target with the AVX feature enabled and the Cranelift backend (Wasmtime's default backend).
Patches
Wasmtime 36.0.5, 40.0.3, and 41.0.1 have been released to fix this issue. Users are recommended to upgrade to the patched versions of Wasmtime. Other affected versions are not patched and users should updated to supported major version instead.
Workarounds
This bug can be worked around by enabling signals-based-traps. While disabling guard pages can be a quick fix in some situations, it's not recommended to disabled guard pages as it is a key defense-in-depth measure of Wasmtime.
Resources
Severity
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion
CVE-2026-27204 / GHSA-852m-cvvp-9p4w
More information
Details
Impact
Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested by the guests. This serves as a Denial of Service vector where a guest can induce a range of crashing behaviors on the host such as:
Wasmtime's security bug policy considers all of these behaviors a security vulnerability. Wasmtime's implementation of WASI has a number of different ways that resource exhaustion could happen, and fixing any one of them is insufficient from solving this vulnerability. A number of individual issues are grouped within this advisory and as a whole represent the known ways that guests can exhaust resources on the host.
An example of guest-controlled resource exhaustion within Wasmtime's implementation of WASI is guests could repeatedly allocate handles to themselves without limit. Some APIs also caused the host to perform a guest-controlled-sized allocation of a buffer on the host for I/O operations. Other APIs could force the host to buffer arbitrary amounts of data for the guest. Finally the guest could hand arbitrarily large allocations from itself to the host which could cause the host to perform an arbitrarily sized copy of memory which in some situations could result in quadratically sized allocations.
Wasmtime's implementations of WASIp1 and WASIp2 are affected by this vulnerability. Any host API modeled with the Component Model (or WIT) which operates on a
stringorlist<T>type is also affected. Not all WIT and WASI APIs are affected by this issue, but that's more of an exception so it's recommended for all embedders to consider themselves affected.To address this issue a number of mitigations are being applied to limit the behavior of a guest in WASI. All of these mitigations manifest in the form of a limit of some kind applied to various situations, and as such all of these mitigations are backwards-incompatible as they run the risk of breaking preexisting programs. To address this all backports to previous stable releases have these limits tuned to overly-large values. This ensures that preexisting guests do not break while still providing embedders the knobs to prevent this DoS vector as well. The limits added to Wasmtime are:
-Smax-resources=NorResourceTable::set_max_capacity- the maximum number of resources that a guest is allowed to allocate for itself.-Shostcall-fuel=NorStore::set_hostcall_fuel- the maximum amount of data that the guest may copy to the host in a single function call.-Smax-random-size=NorWasiCtxBuilder::max_random_size- the maximum size of the return value ofget-random-bytesandget-insecure-random-bytesin thewasi:randomimplementations.-Smax-http-fields-size=NorWasiHttpCtx::set_max_fields_size- the maximum size of headers for an HTTP request/response.These settings are equally applicable to both WASIp1 and WASIp2. Wasmtime 41.0.x and prior previously did not limit these settings and the knobs being released are set to very large values by default to avoid any breaking behavior. Embedders will need to proactively tune these knobs as appropriate for their embeddings. The default settings in the unreleased Wasmtime 42.0.0 are 1M for max resources, 128MiB for hostcall fuel, 64MiB for max-random-size, and 32KiB for http fields size. Tuning is not expected for Wasmtime 42.0.0+.
Hosts/embedders affected by this issue are encouraged to audit and double-check their own host APIs they have implemented to see whether they are affected by this issue as well. The
-Shostcall-fuelsetting is intended to be a relatively coarse fix for many possible issues by limiting the amount of data for all host APIs at once, so many embedders may not need to take further action beyond updating Wasmtime and configuring it appropriately (if not updating to 42.0.0). Embedders should audit to see, however, if the guest is able to force the host to allocate on its behalf and ensure that the allocation is limited or tracked somehow.Patches
Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 have all been released with the fix for this issue. These versions do not prevent this issue in their default configuration to avoid breaking preexisting behaviors. All versions of Wasmtime have appropriate knobs to prevent this behavior, and Wasmtime 42.0.0-and-later will have these knobs tuned by default to prevent this issue from happening.
Workarounds
There are no known workarounds for this issue without upgrading. Embedders are recommended to upgrade and configure their embeddings as necessary to prevent possibly-malicious guests from triggering this issue.
Resources
Store::set_hostcall_fuelResourceTable::set_max_capacityWasiCtxBuilder::max_random_sizeSeverity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime can panic when adding excessive fields to a
wasi:http/types.fieldsinstanceCVE-2026-27572 / GHSA-243v-98vx-264h
More information
Details
Impact
Wasmtime's implementation of the
wasi:http/types.fieldsresource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in thewasmtime-wasi-httpcrate is backed by a data structure which panics when it reaches excessive capacity and this condition was not handled gracefully in Wasmtime. Panicking in a WASI implementation is a Denial of Service vector for embedders and is treated as a security vulnerability in Wasmtime.Patches
Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 patch this vulnerability and return a trap to the guest instead of panicking.
Workarounds
There are no known workarounds at this time, embedders are encouraged to update to a patched version of Wasmtime.
Resources
http::HeaderMapSeverity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding
CVE-2026-34941 / GHSA-hx6p-xpx3-jvvv
More information
Details
Summary
Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds check. Specifically the number of code units were checked instead of the byte length, which is twice the size of the code units.
This vulnerability can cause the host to read beyond the end of a WebAssembly's linear memory in an attempt to transcode nonexistent bytes. In Wasmtime's default configuration this will read unmapped memory on a guard page, terminating the process with a segfault. Wasmtime can be configured, however, without guard pages which would mean that host memory beyond the end of linear memory may be read and interpreted as UTF-16.
A host segfault is a denial-of-service vulnerability in Wasmtime, and possibly being able to read beyond the end of linear memory is additionally a vulnerability. Note that reading beyond the end of linear memory requires nonstandard configuration of Wasmtime, specifically with guard pages disabled.
Impact
This is an out-of-bounds memory access. Any user running untrusted wasm components that use cross-component string passing (with UTF-16 source and latin1+utf16 destination encodings) is affected.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime: Panic when transcoding misaligned utf-16 strings
CVE-2026-34942 / GHSA-jxhv-7h78-9775
More information
Details
Impact
Wasmtime's implementation of transcoding strings into the Component Model's
utf16orlatin1+utf16encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be passed to the host for transcoding which would trigger a host panic. This panic is possible to trigger from malicious guests which transfer very specific strings across components with specific addresses.Host panics are considered a DoS vector in Wasmtime as the panic conditions are controlled by the guest in this situation.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime has a possible panic when lifting
flagscomponent valueCVE-2026-34943 / GHSA-m758-wjhj-p3jq
More information
Details
Impact
Wasmtime contains a possible panic which can happen when a
flags-typed component model value is lifted with theValtype. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This panic only affects wasmtime's implementation of lifting intoVal, not when using theflags!macro. This additionally only affectsflags-typed values which are part of a WIT interface.This has the risk of being a guest-controlled panic within the host which Wasmtime considers a DoS vector.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no workaround for this bug if a host meets the criteria to be affected. To be affected a host must be using
wasmtime::component::Valand possibly work with aflagstype in the component model.Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime segfault or unused out-of-sandbox load with
f64x2.splatoperator on x86-64CVE-2026-34944 / GHSA-qqfj-4vcm-26hv
More information
Details
On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the
f64x2.splatWebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but this data is not visible to WebAssembly guests.Details
The
f64x2.splatoperator, when operating on a value loaded from a memory (for example with f64.load), compiles with Cranelift to code on x86-64 without SSE3 that loads 128 bits (16 bytes) rather than the expected 64 bits (8 bytes) from memory. When the address is in-bounds for a (correct) 8-byte load but not an (incorrect) 16-byte load, this can load beyond memory by up to 8 bytes. This can result in three different behaviors depending on Wasmtime's configuration:Wasmtime's default configuration is case (2) in this case. That means that Wasmtime, by default, incorrectly executes this
WebAssembly instruction but does not have insecure behavior.
Impact
If signals-based-traps are disabled and guard pages are enabled then guests can trigger an uncaught segfault in the host, likely aborting the host process. This represents, for example, a DoS vector for WebAssembly guests.
This bug does not affect Wasmtime's default configuration and requires signals-based-traps to be disabled. This bug only affects the x86-64 target with the SSE3 feature disabled and the Cranelift backend (Wasmtime's default backend).
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
This bug only affects x86-64 hosts where SSE3 is disabled. If SSE3 is enabled or if a non-x86-64 host is used then hosts are not affect. Otherwise there are no known workarounds to this issue.
Severity
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime has host data leakage with 64-bit tables and Winch
CVE-2026-34945 / GHSA-m9w2-8782-2946
More information
Details
Impact
Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the
table.sizeinstruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive data related to other host-originating operations which is not intended to be disclosed to guests.This bug specifically arose from a mistake where the return value of
table.sizewas statically typed as a 32-bit integer, as opposed to consulting the table's index type to see how large the returned register could be. When combined with details about Wnich's ABI, such as multi-value returns, this can be combined to read stack data from the host, within a guest. This information disclosure should not be possible in WebAssembly, violates spec semantics, and is a vulnerability in Wasmtime.Patches
Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
Users of Cranelift are not affected by this issue, but users of Winch have no workarounds other than disabling the
Config::wasm_memory64proposal.Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
CVE-2026-34971 / GHSA-jhxm-h53p-jm7w
More information
Details
Impact
Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a guest WebAssembly module this can create a situation where there are two diverging computations for the same address: one for the address to bounds-check and one for the address to load. This difference in address being operated on means that a guest module can pass a bounds check but then load a different address. Combined together this enables an arbitrary read/write primitive for guest WebAssembly when accesssing host memory. This is a sandbox escape as guests are able to read/write arbitrary host memory.
This vulnerability has a few ingredients, all of which must be met, for this situation to occur and bypass the sandbox restrictions:
Config::wasm_memory64is enabled. 32-bit WebAssembly is not affected.The specific bug in Cranelift is a miscompile of a load of the shape
load(iadd(base, ishl(index, amt)))whereamtis a constant. Theamtvalue is masked incorrectly to test if it's a certain value, and this incorrect mask means that Cranelift can pattern-match this lowering rule during instruction selection erroneously, diverging from WebAssembly's and Cranelift's semantics. This incorrect lowering would, for example, load an address much further away than intended as the correct address's computation would have wrapped around to a smaller value insetad.Patches
Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
This bug only affects users of Cranelift on aarch64. Cranelift on other platforms is not affected. Additionally this only affects 64-bit WebAssembly linear memories, so if
Config::wasm_memory64is disabled then hosts are not affected. Note thatConfig::wasm_memory64is enabled by default. If spectre mitigations are enabled, which are enabled by default, then hosts are not affected by this issue.Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime has host panic when Winch compiler executes
table.fillCVE-2026-34946 / GHSA-q49f-xg75-m9xw
More information
Details
Impact
Wasmtime's Winch compiler contains a vulnerability where the compilation of the
table.fillinstruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture, and cause the host to panic. This represents a denial-of-service vulnerability in Wasmtime due to guests being able to trigger a panic.The specific issue is that a historical refactoring, #11254, changed how compiled code referenced tables within the
table.*instructions. This refactoring forgot to update the Winch code paths associated as well, meaning that Winch was using the wrong indexing scheme. Due to the feature support of Winch the only problem that can result is tables being mixed up or nonexistent tables being used, meaning that the guest is limited to panicking the host (using a nonexistent table), or executing spec-incorrect behavior and modifying the wrong table.Patches
Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
Users of Cranelift are not affected by this issue, but for users of Winch there is no workaround for this bug. Hosts are recommended to updated to a patched version of Wasmtime.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime has data leakage between pooling allocator instances
CVE-2026-34988 / GHSA-6wgr-89rj-399p
More information
Details
Impact
Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the virtual memory permissions for linear memory used the wrong predicate to determine if resetting was necessary, where the compilation process used a different predicate. This divergence meant that the pooling allocator incorrectly deduced at runtime that resetting virtual memory permissions was not necessary while compile-time determine that virtual memory could be relied upon.
Exposing this bug requires specific configuration values to be used. If any of these configurations are not applicable then this bug does not happen:
Config::memory_guard_sizeconfiguration option must be 0.Config::memory_reservationconfiguration must be less than 4GiB.max_memory_sizethe same as thememory_reservationvalue.If all of these conditions are applicable then when a linear memory is reused the VM permissions of the previous iteration are not reset. This means that the compiled code, which is assuming out-of-bounds loads will segfault, will not actually segfault and can read the previous contents of linear memory if it was previously mapped.
This represents a data leakage vulnerability between guest WebAssembly instances which breaks WebAssembly's semantics and additionally breaks the sandbox that Wasmtime provides. Wasmtime is not vulnerable to this issue with its default settings, nor with the default settings of the pooling allocator, but embeddings are still allowed to configure these values to cause this vulnerability.
Patches
Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
All four conditions above must be met to be vulnerable to this bug, and users can work around this bug by adjusting any of the above conditions. For example it is strongly recommended that guard pages are configured for linear memories which would make this bug not applicable.
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime has out-of-bounds write or crash when transcoding component model strings
CVE-2026-35195 / GHSA-394w-hwhg-8vgm
More information
Details
Impact
Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's
reallocis not validated before the host attempts to write through the pointer. This enables a guest to cause the host to write arbitrary transcoded string bytes to an arbitrary location up to 4GiB away from the base of linear memory. These writes on the host could hit unmapped memory or could corrupt host data structures depending on Wasmtime's configuration.Wasmtime by default reserves 4GiB of virtual memory for a guest's linear memory meaning that this bug will by default on hosts cause the host to hit unmapped memory and abort the process due to an unhandled fault. Wasmtime can be configured, however, to reserve less memory for a guest and to remove all guard pages, so some configurations of Wasmtime may lead to corruption of data outside of a guest's linear memory, such as host data structures or other guests's linear memories.
Patches
Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug. Users are recommended to update to these patched versions of Wasmtime.
Workarounds
There is no known workaround for this issue and affected hosts/embeddings are recommended to upgrade.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access
CVE-2026-34987 / GHSA-xx5w-cvp6-jv83
More information
Details
Impact
Wasmtime with its Winch (baseline) non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox.
This vulnerability requires use of the Winch compiler (
-Ccompiler=winch). By default, Wasmtime uses its Cranelift backend, not Winch. With Winch, the same incorrect assumption is present in theory on both aarch64 and x86-64. The aarch64 case has an observed-working proof of concept, while the x86-64 case is theoretical and may not be reachable in practice.This Winch compiler bug can allow the Wasm guest to access memory before or after the linear-memory region, independently of whether pre- or post-guard regions are configured. The accessible range in the initial bug proof-of-concept is up to 32KiB before the start of memory, or ~4GiB after the start of memory, independently of the size of pre- or post-guard regions or the use of explicit or guard-region-based bounds checking. However, the underlying bug assumes a 32-bit memory offset stored in a 64-bit register has its upper bits cleared when it may not, and so closely related variants of the initial proof-of-concept may be able to access truly arbitrary memory in-process. This could result in a host process segmentation fault (DoS), an arbitrary data leak from the host process, or with a write, potentially an arbitrary RCE.
Patches
Wasmtime 43.0.1, 42.0.2, and 36.0.7 have been released with fixes for this issue.
Workaround
There are no workarounds within the Winch compiler backend while using the affected versions. Users of Wasmtime are encouraged either to upgrade to patched versions or, if that is not possible, use the Cranelift compiler backend.
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Wasmtime has improperly masked return value from
table.growwith Winch compiler backendCVE-2026-35186 / GHSA-f984-pcp8-v2p7
More information
Details
Impact
Wasmtime's Winch compiler backend contains a bug where translating the
table.growoperator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally in Winch, is tagged as a 64-bit value instead of a 32-bit value. This invalid internal representation of Winch's compiler state compounds into further issues depending on how the value is consumed.One example can be seen when the result of
table.growis used as the address of a load operation. The load operation is tricked into thinking the address is a 64-bit value, not a 32-bit value, which means that the final address to load from is calculated incorrectly. This can lead to a situation where the bytes before the start of linear memory can be loaded/stored to.The primary consequence of this bug is that bytes in the host's address space can be stored/read from. This is only applicable to the 16 bytes before linear memory, however, as the only significant return value of
table.growthat can be misinterpreted is -1. The bytes before linear memory are, by default, unmapped memory. Wasmtime will detect this fault and abort the process, however, because wasm should not be able to access these bytes.Overall this this bug in Winch represents a DoS vector by crashing the host process, a correctness issue within Winch, and a possible leak of up to 16-bytes before linear memory. Wasmtime's default compiler is Cranelift, not Winch, and Wasmtime's default settings are to place guard pages before linear memory. This means that Wasmtime's default configuration is not affected by this issue, and when explicitly choosing Winch Wasmtime's otherwise default configuration leads to a DoS. Disabling guard pages before linear memory is required to possibly leak up to 16-bytes of host data.
Patches
Wasmtime 43.0.1, 42.0.2, and 36.0.7 have been released with fixes for this issue.
Workaround
There are no workarounds within the Winch compiler backend while using the affected versions. Users of Wasmtime are encouraged either to upgrade to patched versions or, if that is not possible, use the Cranelift compiler backend.
Severity
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
wasmtime has a panic when allocating a table exceeding the size of the host's address space
CVE-2026-44216 / GHSA-p8xm-42r7-89xg
More information
Details
Impact
Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables can have sizes in the 64-bit range as opposed to the previous 32-bit range which would not overflow. The panic happens when attempting to create a very large table, such as when instantiating a WebAssembly module or component.
This bug does not affect the pooling allocator which limits tables sizes to much less than the required amount to trigger the overflow. This bug is only present for the on-demand instance allocator, which is Wasmtime's default allocator. This bug also requires the
memory64WebAssembly feature to be enabled, which is on-by-default.Panicking in the host process is considered a denial-of-service vector for Wasmtime.
Patches
Wasmtime 36.0.8, 43.0.2, and 44.0.1 have all been released which fixes this issue.
Workarounds
Embeddings can switch to using the pooling allocator to work around this issue, or the
memory64WebAssembly proposal can be disabled. Otherwise there is no workaround and users are recommended to upgrade.Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
bytecodealliance/wasmtime (wasmtime)
v36.0.8Compare Source
36.0.8
Released 2026-04-30.
Fixed
GHSA-p8xm-42r7-89xg
v36.0.7[Compare Source](https://redirect.github.com/bytecodealliance/wasmtime/compare/v36.0.6...