Incorrect Calculation Affecting cranelift-codegen package, versions <0.85.0


0.0
medium
  • Attack Complexity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-RUST-CRANELIFTCODEGEN-2936437

  • published

    28 Jun 2022

  • disclosed

    28 Jun 2022

  • credit

    alexcrichton

How to fix?

Upgrade cranelift-codegen to version 0.85.0 or higher.

Overview

cranelift-codegen is a translates code from an intermediate representation into executable machine code.

Affected versions of this package are vulnerable to Incorrect Calculation due to incorrect semantics implementation of the i8x16.swizzle and select WebAssembly instructions.

Note: The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. The select instruction is only affected when the inputs are of v128 type. The aarch64 implementation of the simd proposal is not affected.