What is CVE-2023-30624?

CVE-2023-30624 is a low-severity vulnerability in Bytecodealliance Wasmtime, classified under CWE-758. CVSS score: 3.9/10. Published 2023-04-27.

How severe is CVE-2023-30624?

Low severity. CVSS v3 base score is 3.9 out of 10.

Vulnerability in Bytecodealliance Wasmtime

CVE-2023-30624

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined beha…

EPSS: 0.002 (36.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.9 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L.

Affected products

Bytecodealliance Wasmtime — versions < 6.0.2, = 7.0.0, = 8.0.0

Weakness classification (CWE)

CWE-758

References

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7 (x_refsource_CONFIRM)
https://github.com/bytecodealliance/wasmtime/commit/0977952dcd9d482bff7c288868ccb52769b3a92e (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-30624?: CVE-2023-30624 is a low-severity vulnerability in Bytecodealliance Wasmtime, classified under CWE-758. CVSS score: 3.9/10. Published 2023-04-27.
How severe is CVE-2023-30624?: Low severity. CVSS v3 base score is 3.9 out of 10.