CVE-2024-30266

{"id": "CVE-2024-30266", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-04-04T16:15:09.107", "references": [{"url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/bytecodealliance/wasmtime/issues/8281", "tags": ["Exploit", "Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8018", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8283", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "tags": ["Third Party Advisory", "Mitigation"], "source": "[email protected]"}, {"url": "https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/bytecodealliance/wasmtime/issues/8281", "tags": ["Exploit", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8018", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/bytecodealliance/wasmtime/pull/8283", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5", "tags": ["Third Party Advisory", "Mitigation"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1."}, {"lang": "es", "value": "wasmtime es un tiempo de ejecuci\u00f3n para WebAssembly. La versi\u00f3n 19.0.0 de Wasmtime contiene una regresi\u00f3n introducida durante su desarrollo que puede provocar que un m\u00f3dulo WebAssembly invitado cause p\u00e1nico en el tiempo de ejecuci\u00f3n del host. Un m\u00f3dulo WebAssembly v\u00e1lido, cuando se ejecuta en tiempo de ejecuci\u00f3n, puede provocar este p\u00e1nico. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 19.0.1."}], "lastModified": "2025-09-02T14:46:00.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bytecodealliance:wasmtime:19.0.0:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "9C2CCC83-D074-46EA-9164-0B7C1B12FDCA"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}