—

RUSTSEC-2026-0006

Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64

Details

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / wasmtime

Introduced in: 29.0.0 Fixed in: 36.0.5

Upgrade wasmtime to 36.0.5 or newer (ecosystem crates.io).

References

https://crates.io/crates/wasmtime [PACKAGE]
https://rustsec.org/advisories/RUSTSEC-2026-0006.html [ADVISORY]
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 [ADVISORY]