CVE-2020-35859

Name of the Vulnerable Software and Affected Versions lucet-runtime-internals versions prior to 0.5.1

Description The issue is related to the mishandling of sigstack allocation in the lucet-runtime-internals crate. This can potentially allow guest programs to obtain sensitive information or experience memory corruption. An embedding using affected versions of lucet-runtime, configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs.

Recommendations For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue by correcting the sigstack allocation logic. As a temporary workaround, consider avoiding the use of non-default Wasm globals sizes of more than 4KiB and compiling in release mode with optimizations to minimize the risk of exploitation.