CVE-2024-47813

CVSS 3.1 Score 2.9 of 10 (low)

Details

Published Oct 9, 2024
CWE ID 367

Summary

CVE-2024-47813 identifies a vulnerability in the Wasmtime open-source runtime for WebAssembly, affecting multiple products including zVBC04, zVBC05, and others. The issue arises from a race condition in the internal type registry of wasmtime::Engine, which can lead to double-unregistration bugs and potential corruption of the type registry. This corruption may violate WebAssembly's control-flow integrity and type safety when specific concurrent events occur. Users are advised to avoid using wasmtime::Engine across multiple threads, as those who only create new modules over time or do not utilize concurrent operations remain unaffected. The vulnerability has a low severity rating with an exploitability score of 0.3, indicating that successful exploitation requires high privileges and user interaction.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share