Vulnerability in Bytecodealliance Wasmtime
CVE-2024-51745
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on; however, it did not block access to…
EPSS: 0.003 (53.6th percentile)
Affected products
- Bytecodealliance Wasmtime — versions < 24.0.2; >= 25.0.0, < 25.0.3; = 26.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8 (x_refsource_CONFIRM)
- https://github.com/bytecodealliance/cap-std/pull/371 (x_refsource_MISC)
- https://en.wikipedia.org/wiki/ISO/IEC_8859-1 (x_refsource_MISC)
- https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions (x_refsource_MISC)
Frequently asked questions
- What is CVE-2024-51745?
- CVE-2024-51745 is a vulnerability in Bytecodealliance Wasmtime, classified under CWE-67. Published 2024-11-05.
- Is CVE-2024-51745 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.