GHSA-h84q-m8rr-3v9q
GitHub Security Advisory
wasmtime_trap_code C API function has out of bounds write vulnerability
Advisory Details
### Impact
There is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared signature in the `wasmtime/trap.h` header file. This discrepancy causes the function implementation to perform a 4-byte write into a 1-byte buffer provided by the caller. This can lead to three zero bytes being written beyond the 1-byte location provided by the caller.
### Patches
This bug has been patched and users should upgrade to Wasmtime 2.0.2.
### Workarounds
This can be worked around by providing a 4-byte buffer casted to a 1-byte buffer when calling `wasmtime_trap_code`. Users of the `wasmtime` crate are not affected by this issue, only users of the C API function `wasmtime_trap_code` are affected.
### References
* [Definition of `wasmtime_trap_code`](https://docs.wasmtime.dev/c-api/trap_8h.html#a6580f4f209d3eaebb6e8b9a901a30b7a)
* [Mailing list announcement](https://groups.google.com/a/bytecodealliance.org/g/sec-announce/c/c1HBDDJwNPA)
* [Patch to fix for `main` branch](https://github.com/bytecodealliance/wasmtime/commit/5b6d5e78de106503b3b9add218bb3d2b1d63c493)
### For more information
If you have any questions or comments about this advisory:
* Reach out to us on [the Bytecode Alliance Zulip chat](https://bytecodealliance.zulipchat.com/#narrow/stream/217126-wasmtime)
* Open an issue in [the bytecodealliance/wasmtime repository](https://github.com/bytecodealliance/wasmtime/)
Affected Packages
Related CVEs
Key Information
Dataset
Data from GitHub Advisory Database. This information is provided for research and educational purposes.