Highpchicken

Name of the Vulnerable Software and Affected Versions: Lucet versions prior to the main branch Description: There is a bug in the `lucet-runtime` that allows a use-after-free in an `Instance` object, potentially resulting in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. The bug is related to the `InstanceHandle` type and the pool allocator used for new WebAssembly instances. When an `Instance` is dropped, the fields of the `Instance` are destructed top-to-bottom, but the memory backing the `Instance` is released back to the pool before the destructors of the remaining fields are run, potentially leading to a race condition and use-after-free errors. Recommendations: Upgrade to the main branch of the Lucet repository, as there is no way to remediate this vulnerability without upgrading.