MEDIUM 6.3
RUSTSEC-2021-0110
Multiple Vulnerabilities in Wasmtime
Details
* [Use after free passing `externref`s to Wasm in Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf)
* [Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49)
* [Wrong type for `Linker`-define functions when used across two `Engine`s](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx)
Are you affected?
Enter the version of the package you're using.
Affected packages
crates.io / wasmtime
Introduced in:
0.0.0-0 Fixed in: 0.30.0 Upgrade wasmtime to 0.30.0 or newer (ecosystem crates.io).
References
- https://crates.io/crates/wasmtime [PACKAGE]
- https://rustsec.org/advisories/RUSTSEC-2021-0110.html [ADVISORY]
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf [ADVISORY]
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49 [ADVISORY]
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx [ADVISORY]