← Voltar para CVEs
CVE-2026-34944
MEDIUM5.7
Descricao
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but this data is not visible to WebAssembly guests. This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1.
Detalhes CVE
Pontuacao CVSS v3.15.7
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado4/9/2026
Ultima modificacao4/20/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
bytecodealliance:wasmtime
Fraquezas (CWE)
CWE-248
Referencias
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.