{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30266", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-26T12:52:00.935Z", "datePublished": "2024-04-04T15:42:00.200Z", "dateUpdated": "2024-08-02T01:32:07.072Z"}, "containers": {"cna": {"title": "Wasmtime vulnerable to panic when using a dropped extenref-typed element segment", "problemTypes": [{"descriptions": [{"cweId": "CWE-843", "lang": "en", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5"}, {"name": "https://github.com/bytecodealliance/wasmtime/issues/8281", "tags": ["x_refsource_MISC"], "url": "https://github.com/bytecodealliance/wasmtime/issues/8281"}, {"name": "https://github.com/bytecodealliance/wasmtime/pull/8018", "tags": ["x_refsource_MISC"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8018"}, {"name": "https://github.com/bytecodealliance/wasmtime/pull/8283", "tags": ["x_refsource_MISC"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8283"}, {"name": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "tags": ["x_refsource_MISC"], "url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664"}], "affected": [{"vendor": "bytecodealliance", "product": "wasmtime", "versions": [{"version": "= 19.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T15:42:00.200Z"}, "descriptions": [{"lang": "en", "value": "wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1."}], "source": {"advisory": "GHSA-75hq-h6g9-h4q5", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30266", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T19:54:05.029928Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:38:20.190Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:07.072Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5"}, {"name": "https://github.com/bytecodealliance/wasmtime/issues/8281", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bytecodealliance/wasmtime/issues/8281"}, {"name": "https://github.com/bytecodealliance/wasmtime/pull/8018", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8018"}, {"name": "https://github.com/bytecodealliance/wasmtime/pull/8283", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8283"}, {"name": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/bytecodealliance/wasmtime/issues/8281", "name": "https://github.com/bytecodealliance/wasmtime/issues/8281", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8018", "name": "https://github.com/bytecodealliance/wasmtime/pull/8018", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8283", "name": "https://github.com/bytecodealliance/wasmtime/pull/8283", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "name": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:07.072Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30266", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T19:54:05.029928Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.147Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Wasmtime vulnerable to panic when using a dropped extenref-typed element segment", "source": {"advisory": "GHSA-75hq-h6g9-h4q5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "bytecodealliance", "product": "wasmtime", "versions": [{"status": "affected", "version": "= 19.0.0"}]}], "references": [{"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/bytecodealliance/wasmtime/issues/8281", "name": "https://github.com/bytecodealliance/wasmtime/issues/8281", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8018", "name": "https://github.com/bytecodealliance/wasmtime/pull/8018", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8283", "name": "https://github.com/bytecodealliance/wasmtime/pull/8283", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "name": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T15:42:00.200Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30266", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:32:07.072Z", "dateReserved": "2024-03-26T12:52:00.935Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-04T15:42:00.200Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bytecodealliance:wasmtime:19.0.0:*:*:*:*:rust:*:*", "matchCriteriaId": "9C2CCC83-D074-46EA-9164-0B7C1B12FDCA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1."}, {"lang": "es", "value": "wasmtime es un tiempo de ejecuci\u00f3n para WebAssembly. La versi\u00f3n 19.0.0 de Wasmtime contiene una regresi\u00f3n introducida durante su desarrollo que puede provocar que un m\u00f3dulo WebAssembly invitado cause p\u00e1nico en el tiempo de ejecuci\u00f3n del host. Un m\u00f3dulo WebAssembly v\u00e1lido, cuando se ejecuta en tiempo de ejecuci\u00f3n, puede provocar este p\u00e1nico. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 19.0.1."}], "id": "CVE-2024-30266", "lastModified": "2025-09-02T14:46:00.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-04T16:15:09.107", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/bytecodealliance/wasmtime/issues/8281"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8018"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8283"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory", "Mitigation"], "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/bytecodealliance/wasmtime/issues/8281"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/bytecodealliance/wasmtime/pull/8283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mitigation"], "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T11:32:03.159982+00:00", "updated": "2025-07-13T11:32:03.160036+00:00", "vendors": ["bytecodealliance", "bytecodealliance$PRODUCT$wasmtime"]}