CVE-2024-30266
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-30266
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-30266.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-30266
- Aliases
- Related
- Published
- 2024-04-04T16:15:09Z
- Modified
- 2025-07-01T15:48:28.520275Z
- Summary
- [none]
- Details
-
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
- References
-
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5
- https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664
- https://github.com/bytecodealliance/wasmtime/issues/8281
- https://github.com/bytecodealliance/wasmtime/pull/8018
- https://github.com/bytecodealliance/wasmtime/pull/8283
- https://security-tracker.debian.org/tracker/CVE-2024-30266
Affected packages
Debian:13 / rust-wasmtime
Package
- Name
- rust-wasmtime
- Purl
- pkg:deb/debian/rust-wasmtime?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed21.0.2+dfsg-1
Affected versions
10.*
10.0.1+dfsg-1
10.0.1+dfsg-3
10.0.1+dfsg-4
10.0.1+dfsg-5
10.0.1+dfsg-6
10.0.1+dfsg-7
15.*
15.0.0+dfsg-1
15.0.0+dfsg-2
15.0.0+dfsg-3
15.0.1+dfsg-1
15.0.1+dfsg-2
15.0.1+dfsg-3
15.0.1+dfsg-4
16.*
16.0.0+dfsg-1
16.0.0+dfsg-2
16.0.0+dfsg-3
18.*
18.0.1+dfsg-1
19.*
19.0.0+dfsg-1
19.0.0+dfsg-2
19.0.0+dfsg-3
19.0.0+dfsg-4