#VU73803 Out-of-bounds write in Wasmtime - CVE-2023-26489

Cybersecurity Help s.r.o.

Published: 2023-03-20 | Updated: 2024-01-18

Vulnerability identifier: #VU73803

Vulnerability risk: Medium

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Green]

CVE-ID: CVE-2023-26489

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Wasmtime
Web applications / Modules and components for CMS

Vendor: Bytecode Alliance

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input on x86_64. A remote user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Wasmtime: 0.37.0 - 6.0.0

External links
https://groups.google.com/a/bytecodealliance.org/g/sec-announce/c/Mov-ItrNJsQ
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.static_memory_guard_size
https://github.com/bytecodealliance/wasmtime/commit/63fb30e4b4415455d47b3da5a19d79c12f4f2d1f
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.static_memory_maximum_size
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Envoy update for Wasmtime

Multiple vulnerabilities in Bytecode Alliance Wasmtime