PT-2022-16149 · Wasmtime · Wasmtime

Peterhuene · Published 2022-02-16 · Updated 2022-07-21 · CVE-2022-23636

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Wasmtime versions prior to 0.34.1 and 0.33.1

Description

A bug exists in the pooling instance allocator in Wasmtime's runtime. When instantiation fails for a module that defines an externref global, the result is an invalid drop of a VMExternRef via an uninitialized pointer. This can happen under specific conditions, including when support for the reference types proposal is enabled and a pooling allocation strategy is configured. The module must define at least one table or memory and at least one externref global. During instantiation, a call to mprotect or VirtualAlloc must fail, or a resource limiter must be configured in the associated Store and return false from the initial call to memory growing or table growing. The effective impact of this bug is believed to be relatively small due to the uncommon usage of externref and the specific conditions required to trigger the bug.

Recommendations

For versions prior to 0.34.1 and 0.33.1, upgrade to version 0.34.1 or 0.33.1 as soon as possible. If it is not possible to upgrade to version 0.34.1 or 0.33.1 of the wasmtime crate, disable support for the reference types proposal by passing false to Config::wasm_reference_types. This prevents modules that use externref from being loaded at all.
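
The following is an added example, not part of the advisory or of Wasmtime's own code: a Rust check that scans Cargo.lock text for `wasmtime` entries in the affected range. It assumes 0.33.1 and 0.34.1 are the two fixed releases, so 0.34.0 and everything below 0.33.1 are flagged; `SAMPLE_LOCK` is constructed input and the function names are hypothetical.

```rust
// Assumption: 0.33.1 and 0.34.1 are the fixed releases, so every version below
// 0.33.1, plus 0.34.0, is treated as affected.
// Constructed sample input, not taken from a real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "anyhow"
version = "1.0.53"

[[package]]
name = "wasmtime"
version = "0.34.0"

[[package]]
name = "wasmtime"
version = "0.33.1"
"#;

/// Parse a plain "major.minor.patch" string; anything else yields None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(triple) }
}

/// Some(true) if the version falls in the affected range, None if unparseable.
fn is_affected(version: &str) -> Option<bool> {
    let v = parse_version(version)?;
    Some(v < (0, 33, 1) || v == (0, 34, 0))
}

/// Return the affected versions of the `wasmtime` package found in a lockfile.
fn affected_wasmtime(lockfile: &str) -> Vec<String> {
    let (mut hits, mut in_wasmtime) = (Vec::new(), false);
    for line in lockfile.lines().map(str::trim) {
        if line.starts_with("name = ") {
            in_wasmtime = line == r#"name = "wasmtime""#;
        } else if in_wasmtime {
            let ver = line.strip_prefix("version = \"").and_then(|s| s.strip_suffix('"'));
            if ver.and_then(is_affected) == Some(true) {
                hits.push(ver.unwrap().to_string());
            }
        }
    }
    hits
}

fn main() {
    println!("affected wasmtime versions: {:?}", affected_wasmtime(SAMPLE_LOCK));
}
```

Versions with pre-release or build suffixes are not parsed and are therefore not reported; review those entries by hand.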

Weakness Enumeration

Access of Uninitialized Pointer

Related Identifiers

CVE-2022-23636
GHSA-7F6X-JWH5-M9R4
GHSA-88XQ-W8CQ-XFG7
RUSTSEC-2022-0096
RUSTSEC-2022-0101

Affected Products

Wasmtime