PT-2022-16882 · Wasmtime · Wasmtime

Published: 2022-03-28 · Updated: 2024-06-15 · CVE-2022-24791

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wasmtime versions prior to 0.34.2
Wasmtime versions prior to 0.35.2

Description
There is a use-after-free vulnerability in Wasmtime when Wasm that uses externrefs is run with epoch interruption enabled. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks; cold blocks occur when epoch interruption is enabled. When Wasmtime eventually collected garbage, it would fail to find the live references on the stack because of the missing stack maps, treat them as unreferenced garbage, and reclaim them. After the collection ended, the Wasm code could still use the references that had been reclaimed too early, which is a use after free.

Recommendations
For versions prior to 0.34.2, upgrade to version 0.34.2 or later. For versions prior to 0.35.2, upgrade to version 0.35.2 or later. As a temporary workaround, consider disabling the Wasm reference types proposal by setting config.wasm_reference_types(false). Alternatively, disable epoch interruption by setting config.epoch_interruption(false) if it was previously enabled.
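An added dependency check, written for this page and not part of the advisory or the Wasmtime project: it reads a Cargo.lock, lists every wasmtime package entry, and flags versions that fall in the affected ranges stated above (anything prior to 0.34.2, and 0.35.0 up to but not including 0.35.2). The Cargo.lock text is a constructed sample; the function names and the file layout assumptions are this example's own. In practice, cargo audit performs this kind of check against the RUSTSEC advisories, but the logic below shows exactly which versions the fixed releases cover.

```python
import re
from typing import List, Tuple

# Fixed releases taken from the advisory: 0.34.2 closes the 0.34 line,
# 0.35.2 closes the 0.35 line. Everything before 0.34.2 is affected,
# as is 0.35.0 <= v < 0.35.2.
FIXED_0_34 = (0, 34, 2)
FIXED_0_35 = (0, 35, 2)


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse a 'major.minor.patch' string, ignoring any pre-release/build suffix."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the given wasmtime version is inside an affected range."""
    v = parse_version(version)
    if v < FIXED_0_34:
        return True                      # 0.33.x and older, 0.34.0, 0.34.1
    if (0, 35, 0) <= v < FIXED_0_35:
        return True                      # 0.35.0, 0.35.1
    return False                         # 0.34.2+, 0.35.2+ and later lines


def wasmtime_versions_in_lock(lock_text: str) -> List[str]:
    """Return the version of every [[package]] entry named exactly 'wasmtime'."""
    versions: List[str] = []
    current_name = None
    for raw in lock_text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            current_name = None          # new entry: forget the previous name
        elif line.startswith("name = "):
            current_name = line.split("=", 1)[1].strip().strip('"')
        elif line.startswith("version = ") and current_name == "wasmtime":
            versions.append(line.split("=", 1)[1].strip().strip('"'))
    return versions


def audit_lock(lock_text: str) -> List[Tuple[str, bool]]:
    """Pair each wasmtime version found in the lock file with its affected status."""
    return [(v, is_affected(v)) for v in wasmtime_versions_in_lock(lock_text)]


# Constructed sample Cargo.lock (hypothetical project, not real data).
SAMPLE_CARGO_LOCK = """\
# Constructed sample Cargo.lock
version = 3

[[package]]
name = "anyhow"
version = "1.0.56"

[[package]]
name = "wasmtime"
version = "0.35.1"

[[package]]
name = "wasmtime-cranelift"
version = "0.35.1"
"""

if __name__ == "__main__":
    for version, affected in audit_lock(SAMPLE_CARGO_LOCK):
        status = "AFFECTED (CVE-2022-24791)" if affected else "not affected"
        print(f"wasmtime {version}: {status}")
```

The check only matches the package named exactly "wasmtime"; the crate's own subcrates (wasmtime-cranelift in the sample) are versioned in lockstep, so a fixed top-level version implies fixed subcrates.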

Weakness Enumeration

Use After Free

Related Identifiers

CVE-2022-24791
GHSA-GWC9-348X-QWV2
OPENSUSE-SU-2024:12009-1
RUSTSEC-2022-0016
RUSTSEC-2022-0099

Affected Products

Wasmtime