CVE-2021-39216: Use After Free
(updated )
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from and there was a use-after-free bug when passing externref
s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externref
s from the host to a Wasm instance at the same time, either by passing multiple externref
s as arguments from host code to a Wasm function, or returning multiple externref
s to Wasm from a multi-value return function defined in the host.
References
Detect and mitigate CVE-2021-39216 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →