Incorrect calculation in Wasmtime - CVE-2022-31169

 


Published: July 20, 2022 / Updated: April 23, 2026


Vulnerability identifier: #VU127027
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-31169
CWE-ID: CWE-682
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Wasmtime
Software vendor:
Bytecode Alliance

Description

The vulnerability allows a remote attacker to cause incorrect computation results within the WebAssembly sandbox.

The vulnerability exists due to improper handling of sign and zero extension in Cranelift code generation for division operations when compiling WebAssembly programs for AArch64 targets. A remote attacker can execute a specially crafted WebAssembly program to cause incorrect computation results within the WebAssembly sandbox.

Only AArch64 targets are affected.
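
To make the sign/zero-extension error class concrete, the following added example (a model written for this page, not Wasmtime or Cranelift code) differentially tests a 32-bit division carried out in 64-bit registers against the reference result. The 64-bit-register model, the function names and the sample operands are assumptions made for illustration.

```rust
// Added illustration: a simplified model of the bug class, not Cranelift source.
// Assumption: the 32-bit operands are widened into 64-bit registers before dividing.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Ext { Zero, Sign }

// Widen a 32-bit bit pattern into a 64-bit "register" using the given extension.
fn widen(bits: u32, ext: Ext) -> u64 {
    match ext {
        Ext::Zero => bits as u64,
        Ext::Sign => bits as i32 as i64 as u64,
    }
}

// Divide in 64 bits, then truncate the quotient back to 32 bits.
// `signed` picks the divide flavour; ext_a/ext_b say how each operand was widened.
fn div_wide(a: u32, b: u32, signed: bool, ext_a: Ext, ext_b: Ext) -> u32 {
    let (x, y) = (widen(a, ext_a), widen(b, ext_b));
    if signed { (x as i64).wrapping_div(y as i64) as u32 } else { (x / y) as u32 }
}

// Reference semantics of a 32-bit unsigned / signed division (non-trapping inputs only).
fn div_ref(a: u32, b: u32, signed: bool) -> u32 {
    if signed { (a as i32).wrapping_div(b as i32) as u32 } else { a / b }
}

// Differential check: every (a, b, got, want) where the widened division
// disagrees with the reference. Operands are constructed samples; zero is excluded.
fn mismatches(signed: bool, ext_a: Ext, ext_b: Ext) -> Vec<(u32, u32, u32, u32)> {
    const SAMPLES: [u32; 6] = [1, 2, 7, 0x7fff_ffff, 0x8000_0000, 0xffff_fffe];
    let mut out = Vec::new();
    for &a in &SAMPLES {
        for &b in &SAMPLES {
            let (got, want) = (div_wide(a, b, signed, ext_a, ext_b), div_ref(a, b, signed));
            if got != want { out.push((a, b, got, want)); }
        }
    }
    out
}

fn main() {
    // Matching extension (zero for unsigned, sign for signed) agrees with the reference.
    println!("unsigned, zero/zero: {:?}", mismatches(false, Ext::Zero, Ext::Zero));
    println!("signed,   sign/sign: {:?}", mismatches(true, Ext::Sign, Ext::Sign));
    // The wrong extension on one operand silently changes the quotient.
    for (a, b, got, want) in mismatches(false, Ext::Zero, Ext::Sign) {
        println!("unsigned {a:#x} / {b:#x}: got {got:#x}, want {want:#x}");
    }
}
```

The same differential approach, run against real compiled output on an AArch64 host, is a practical regression check after applying the vendor update.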


Remediation

Install the security update from the vendor's website.

External links