Bytecode Alliance · Wasmtime · CVE-2025-53901
**Name of the Vulnerable Software and Affected Versions**
Wasmtime versions 24.0.0 through 24.0.3
Wasmtime versions 33.0.0 through 33.0.1
Wasmtime versions 34.0.0 through 34.0.1
**Description**
Wasmtime is a runtime for WebAssembly. A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The issue is triggered by calling `path_open` after calling `fd_renumber` with either two equal argument values or a second argument being equal to a previously-closed file descriptor number value. The resulting corrupt state leads to a panic when opening a file descriptor. This panic is considered a denial-of-service vector for WebAssembly embedders. This bug does not affect WASIp2 and embedders using components.
**Recommendations**
Update to Wasmtime version 24.0.4.
Update to Wasmtime version 33.0.2.
Update to Wasmtime version 34.0.2.
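
One way to check a Rust project's lockfile against the affected ranges listed above. This is an added example, not part of the advisory or the Wasmtime project; it assumes the runtime is locked as the `wasmtime` package in a `Cargo.lock`, and the lockfile text in it is a constructed sample.

```rust
// Added example (not Wasmtime code). Ranges from this advisory: (first affected, last affected, fixed).
type Ver = (u64, u64, u64);
const AFFECTED: [(Ver, Ver, Ver); 3] = [
    ((24, 0, 0), (24, 0, 3), (24, 0, 4)),
    ((33, 0, 0), (33, 0, 1), (33, 0, 2)),
    ((34, 0, 0), (34, 0, 1), (34, 0, 2)),
];

// Constructed Cargo.lock excerpt, not taken from a real project.
const SAMPLE: &str = r#"[[package]]
name = "wasmtime"
version = "33.0.1"
[[package]]
name = "wasmtime"
version = "34.0.2"
"#;

// Parses a plain "major.minor.patch"; anything else (e.g. a pre-release) yields None.
fn parse_version(s: &str) -> Option<Ver> {
    let mut parts = s.split('.').map(|p| p.parse::<u64>().ok());
    let v = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(v) }
}

// Returns the release to update to when `v` lies in an affected range.
fn fixed_version_for(v: Ver) -> Option<Ver> {
    AFFECTED.iter().find(|(lo, hi, _)| *lo <= v && v <= *hi).map(|(_, _, fix)| *fix)
}

// Returns (locked version, fixed version) for every affected `wasmtime` entry.
fn scan_lockfile(lock: &str) -> Vec<(String, Ver)> {
    let mut findings = Vec::new();
    let mut name = "";
    for line in lock.lines().map(str::trim) {
        if let Some(n) = line.strip_prefix("name = ") {
            name = n.trim_matches('"');
        } else if let Some(v) = line.strip_prefix("version = ").filter(|_| name == "wasmtime") {
            let v = v.trim_matches('"');
            if let Some(fix) = parse_version(v).and_then(fixed_version_for) {
                findings.push((v.to_string(), fix));
            }
        }
    }
    findings
}

fn main() {
    println!("{:?}", scan_lockfile(SAMPLE));
}
```

Versions outside the three listed ranges are not reported, and entries whose version is not a plain `major.minor.patch` are skipped and need a manual look.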