PT-2022-24952 · Wasmtime · Wasmtime

Alexcrichton · Published 2022-11-05 · Updated 2025-05-02 · CVE-2022-39393

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Wasmtime versions prior to 2.0.2
Description: Wasmtime's pooling instance allocator reuses linear-memory slots across instances. When a slot was previously occupied by a module with an initial heap image (the image that the memory-init-cow feature maps into the slot at instantiation) and the next module instantiated in that slot has no heap image of its own, the prior instance's initial heap image is erroneously left visible to the new instance. The bug is highly unlikely to be triggered by accident: a module must be deliberately crafted to have no initial heap image in order to read the contents of the prior image, so triggering it requires a hand-crafted module.
Recommendations: Upgrade to Wasmtime 2.0.2. As a temporary workaround, disable the pooling allocator; disabling the memory-init-cow feature also mitigates the issue.
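The slot-reuse behaviour the description refers to, as an added illustration that is not Wasmtime's own code: a std-only Rust model of one pooling-allocator slot, with a vulnerable instantiation path that skips the reset when the incoming module has no heap image, next to a fixed path that always restores the slot to the incoming module's initial state. The types and functions here (Module, PoolSlot, instantiate_vulnerable, instantiate_fixed, fresh_instance_is_clean, scenario) and the sample image bytes are constructed for this example and are not Wasmtime identifiers; the fixed path shows the invariant a fix has to restore, not the actual patch in Wasmtime 2.0.2.

```rust
// Added example: a simplified, std-only model of pooling-allocator slot reuse.
// This is NOT Wasmtime's code. Module, PoolSlot and the function names below
// are hypothetical, and the image bytes in `scenario` are constructed.

const SLOT_SIZE: usize = 64;

/// A module is modelled only by its optional initial heap image, i.e. what
/// memory-init-cow would map into the slot at instantiation.
#[derive(Clone)]
pub struct Module {
    pub heap_image: Option<Vec<u8>>,
}

/// One reusable linear-memory slot in the pool. The slot outlives the
/// instances that occupy it, which is exactly why stale state can leak.
pub struct PoolSlot {
    memory: Vec<u8>,
    /// Number of leading bytes still covered by a mapped heap image.
    image_len: usize,
}

impl PoolSlot {
    pub fn new() -> Self {
        PoolSlot { memory: vec![0; SLOT_SIZE], image_len: 0 }
    }

    pub fn read(&self, offset: usize, len: usize) -> &[u8] {
        &self.memory[offset..offset + len]
    }

    fn unmap_image(&mut self) {
        let n = self.image_len;
        self.memory[..n].fill(0);
        self.image_len = 0;
    }

    fn map_image(&mut self, image: &[u8]) {
        self.memory[..image.len()].copy_from_slice(image);
        self.image_len = image.len();
    }

    /// Vulnerable path: the slot is only touched when the incoming module
    /// brings an image of its own. A module without an image skips the reset,
    /// so an image left by the slot's previous occupant stays readable.
    pub fn instantiate_vulnerable(&mut self, module: &Module) {
        if let Some(image) = &module.heap_image {
            self.unmap_image();
            self.map_image(image);
        }
    }

    /// Fixed path: the slot is always brought to the incoming module's own
    /// initial state, whether or not that module has an image.
    pub fn instantiate_fixed(&mut self, module: &Module) {
        self.unmap_image();
        if let Some(image) = &module.heap_image {
            self.map_image(image);
        }
    }
}

/// Test oracle: a freshly instantiated module must see exactly its own image
/// followed by zeros, and nothing from any earlier occupant of the slot.
pub fn fresh_instance_is_clean(slot: &PoolSlot, module: &Module) -> bool {
    let own: &[u8] = module.heap_image.as_deref().unwrap_or(&[]);
    let mem = slot.read(0, SLOT_SIZE);
    mem.starts_with(own) && mem[own.len()..].iter().all(|&b| b == 0)
}

/// The advisory's scenario: module A (with an image) is instantiated and torn
/// down, then module B (no image) is instantiated in the same slot. Returns
/// the first 20 bytes B observes on the vulnerable path and on the fixed path.
pub fn scenario() -> (Vec<u8>, Vec<u8>) {
    // Constructed sample image; stands in for data segments holding config or
    // key material that the embedder never meant another tenant to read.
    let a = Module { heap_image: Some(b"secret-from-module-A".to_vec()) };
    let b = Module { heap_image: None };
    let run = |inst: fn(&mut PoolSlot, &Module)| {
        let mut slot = PoolSlot::new();
        inst(&mut slot, &a); // A runs in the slot ...
        inst(&mut slot, &b); // ... is dropped, and B is allocated the same slot
        slot.read(0, 20).to_vec()
    };
    (run(PoolSlot::instantiate_vulnerable), run(PoolSlot::instantiate_fixed))
}

fn main() {
    let (v, f) = scenario();
    println!("vulnerable: B sees {:?}", String::from_utf8_lossy(&v));
    println!("fixed:      B sees {:?}", f);
}
```

`fresh_instance_is_clean` is the kind of oracle worth keeping in an embedder's test suite when it relies on the pooling allocator: instantiate a module with data segments, drop it, instantiate a module with no data segments in the same slot, and assert that the second instance reads nothing but zeros.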

Related Identifiers

CVE-2022-39393
GHSA-wh6w-3828-g9qf
RUSTSEC-2022-0075
RUSTSEC-2022-0098

Affected Products

Wasmtime