Use After Free Affecting cranelift-codegen package, versions >=0.84.0 <0.85.2


0.0
medium
  • Attack Complexity

    High

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-RUST-CRANELIFTCODEGEN-2957525

  • published

    21 Jul 2022

  • disclosed

    20 Jul 2022

  • credit

    Alex Crichton, Nick Fitzgerald, Jamey Sharp

How to fix?

Upgrade cranelift-codegen to version 0.85.2 or higher.

Overview

cranelift-codegen is a translates code from an intermediate representation into executable machine code.

Affected versions of this package are vulnerable to Use After Free in the runtime garbage collector. When a host passes non-null externrefs to WebAssembly, garbage collection is triggered, while active Wasm frames remain on the stack. Live references from these frames can be reclaimed and reallocated.

Note: This vulnerability can be worked around by passing false to wasmtime::Config::wasm_reference_types.

References