CVE-2021-39216

Use After Free in pypi/wasmtime

Identifier

CVE-2021-39216

Package Slug

pypi/wasmtime

Vulnerability

Use After Free

Description

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a Wasm instance at the same time, either by passing multiple externrefs as arguments from host code to a Wasm function, or by returning multiple externrefs to Wasm from a multi-value return function defined in the host.

Affected Versions

All versions starting from 0.19.0 before 0.30.0

Solution

Upgrade to version 0.30.0 or above.

Last Modified

2021-10-10
