Vulnerability GHSA-hc7m-r6v8-hg9q: Information

Description

Wasmtime provides unsound API access to a WebAssembly shared linear memory

Severity: LOW (1.8)
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
URL: https://github.com/advisories/GHSA-hc7m-r6v8-hg9q
Published: Nov. 13, 2025
Modified: Nov. 14, 2025
Error type identifier: CWE-362

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
wasmtimesisyphus43.0.0-alt143.0.0-alt1ALT-PU-2026-5689-2414049Fixed
wasmtimesisyphus_riscv6443.0.0-alt143.0.0-alt1ALT-PU-2026-7613-1-Fixed
wasmtimesisyphus_loongarch6443.0.0-alt143.0.0-alt1ALT-PU-2026-7551-1-Fixed

Affected packages

Ecosystem
Name
Affected versions
Patched versions
crates.iowasmtime
>=38.0.0, <38.0.4
>=37.0.0, <37.0.3
>=26.0.0, <36.0.3
<24.0.5
38.0.4
37.0.3
36.0.3
24.0.5

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hc7m-r6v8-hg9q
  • WEB
https://nvd.nist.gov/vuln/detail/CVE-2025-64345
  • ADVISORY
https://github.com/bytecodealliance/wasmtime/commit/9ebb6934f00d58b92fb68ed0e0b16c0ae828ca10
  • WEB
https://docs.rs/wasmtime/latest/wasmtime/struct.Memory.html#method.new
  • WEB
https://docs.rs/wasmtime/latest/wasmtime/struct.SharedMemory.html#method.new
  • WEB
https://docs.wasmtime.dev/stability-release.html
  • WEB
https://github.com/bytecodealliance/wasmtime
  • PACKAGE
https://github.com/bytecodealliance/wasmtime/releases/tag/v38.0.4
  • WEB
https://rustsec.org/advisories/RUSTSEC-2025-0118.html
  • WEB
CVE-2025-64345
  • CVE
VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
Version: v26.2.2
Back to top