Vulnerability GHSA-4h67-722j-5pmc: Information

Description

Wasmtime vulnerable to segfault when using component resources

Severity: LOW (2.1)
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
URL: https://github.com/advisories/GHSA-4h67-722j-5pmc
Published: Oct. 27, 2025
Modified: Oct. 27, 2025
Error type identifier: CWE-755

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
wasmtimesisyphus43.0.0-alt143.0.0-alt1ALT-PU-2026-5689-2414049Fixed
wasmtimesisyphus_riscv6443.0.0-alt143.0.0-alt1ALT-PU-2026-7613-1-Fixed
wasmtimesisyphus_loongarch6443.0.0-alt143.0.0-alt1ALT-PU-2026-7551-1-Fixed

Affected packages

Ecosystem
Name
Affected versions
Patched versions
crates.iowasmtime
>=38.0.0, <38.0.3
38.0.3

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc
  • WEB
https://nvd.nist.gov/vuln/detail/CVE-2025-62711
  • ADVISORY
https://github.com/bytecodealliance/wasmtime/pull/11592
  • WEB
https://github.com/bytecodealliance/wasmtime/commit/192f2fcdadfec9d0cf6b58548a85a7307450cbf5
  • WEB
https://github.com/bytecodealliance/wasmtime
  • PACKAGE
https://rustsec.org/advisories/RUSTSEC-2025-0112.html
  • WEB
CVE-2025-62711
  • CVE
VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
Version: v26.2.2
Back to top