Out-of-bounds write in Wasmtime

#VU73803 Out-of-bounds write in Wasmtime

Published: 2024-01-18

Vulnerability identifier: #VU73803

Vulnerability risk: Medium

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-26489

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Wasmtime
Web applications / Modules and components for CMS

Vendor: Bytecode Alliance

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input on x86_64. A remote user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Wasmtime: 0.37.0 - 6.0.0

External links
http://groups.google.com/a/bytecodealliance.org/g/sec-announce/c/Mov-ItrNJsQ
http://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.static_memory_guard_size
http://github.com/bytecodealliance/wasmtime/commit/63fb30e4b4415455d47b3da5a19d79c12f4f2d1f
http://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.static_memory_maximum_size
http://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Envoy update for Wasmtime

Multiple vulnerabilities in Bytecode Alliance Wasmtime