bytecodealliance — Vulnerabilities & Security Advisories 48

Browse all 48 CVE security advisories affecting bytecodealliance. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bytecode Alliance is a consortium focused on developing safe, open-source systems programming tools, most notably the WebAssembly System Interface (WASI) and the Cranelift compiler. Its primary objective is enabling secure, portable execution of untrusted code within sandboxed environments, primarily for cloud-native and edge computing applications. Historically, vulnerabilities associated with its ecosystem often stem from memory safety issues in Rust-based components or misconfigurations in WASI sandboxing policies. Common exploit classes include remote code execution via buffer overflows in legacy bindings and privilege escalation through improper capability delegation. While the organization emphasizes formal verification and safe defaults, incidents have occasionally involved improper isolation boundaries allowing escape from WebAssembly sandboxes. The group maintains a rigorous security posture through public audits and continuous integration testing, aiming to mitigate risks inherent in low-level systems programming by enforcing strict memory safety guarantees across its toolchain.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-30266 | Wasmtime vulnerable to panic when using a dropped extenref-typed element segment | wasmtime | CWE-843 | 3.3 | Low | 2024-04-04 |
| CVE-2023-41880 | Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 | wasmtime | CWE-193 | 2.2 | Low | 2023-09-15 |
| CVE-2023-30624 | Wasmtime has Undefined Behavior in Rust runtime functions | wasmtime | CWE-758 | 3.9 | Low | 2023-04-27 |
| CVE-2023-26489 | Guest-controlled out-of-bounds read/write on x86_64 in wasmtime | wasmtime | CWE-125 | 10.0 | Critical | 2023-03-08 |
| CVE-2023-27477 | Wasmtime security vulnerability | wasmtime | CWE-193 | 3.1 | Low | 2023-03-08 |
| CVE-2022-39394 | wasmtime_trap_code C API function has out of bounds write vulnerability | wasmtime | CWE-787 | 3.8 | Low | 2022-11-10 |
| CVE-2022-39392 | Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration | wasmtime | CWE-119 | 5.9 | Medium | 2022-11-10 |
| CVE-2022-39393 | Wasmtime vulnerable to data leakage between instances in the pooling allocator | wasmtime | CWE-226 | 8.6 | High | 2022-11-10 |
| CVE-2022-31169 | Cranelift vulnerable to miscompilation of constant values in division on AArch64 | wasmtime | CWE-682 | 5.9 | Medium | 2022-07-21 |
| CVE-2022-31146 | Use After Free in Wasmtime | wasmtime | CWE-416 | 6.4 | Medium | 2022-07-20 |
| CVE-2022-31104 | Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime | wasmtime | CWE-682 | 4.8 | Medium | 2022-06-27 |
| CVE-2022-24791 | Use after free in Wasmtime | wasmtime | CWE-416 | 8.1 | High | 2022-03-31 |
| CVE-2022-23636 | Invalid drop of partially-initialized instances in wasmtime | wasmtime | CWE-824 | 5.1 | Medium | 2022-02-16 |
| CVE-2021-43790 | Use After Free in lucet | lucet | CWE-416 | 8.5 | High | 2021-11-29 |
| CVE-2021-39218 | Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime | wasmtime | CWE-590 | 6.3 | Medium | 2021-09-17 |
| CVE-2021-39219 | Wrong type for `Linker`-define functions when used across two `Engine`s | wasmtime | CWE-843 | 6.3 | Medium | 2021-09-17 |
| CVE-2021-39216 | Use after free passing `externref`s to Wasm in Wasmtime | wasmtime | CWE-416 | 6.3 | Medium | 2021-09-17 |
| CVE-2021-32629 | Memory access due to code generation flaw in Cranelift module | wasmtime | CWE-788 | 7.2 | High | 2021-05-24 |

This page lists every published CVE security advisory associated with bytecodealliance. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.