Headline
GHSA-9ghp-w2hm-vfpf: wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`
The unsound function dump_code_load_record uses from_raw_parts to directly convert the pointer addr and len into a slice without any validation and that memory block would be dumped.
Thus, the ‘safe’ function dump_code_load_record is actually ‘unsafe’ since it requires the caller to guarantee that the addr is valid and len must not overflow. Otherwise, the function could dump the memory into file illegally, causing memory leak.
Note: this is an internal-only crate in the Wasmtime project not intended for external use and is more strongly signaled nowadays as of bytecodealliance/wasmtime#10963. Please open an issue in Wasmtime if you’re using this crate directly.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-9ghp-w2hm-vfpf
wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`
Moderate severity GitHub Reviewed Published Jun 17, 2025 to the GitHub Advisory Database • Updated Jun 17, 2025
Package
cargo wasmtime-jit-debug (Rust)
Affected versions
< 24.0.0
The unsound function dump_code_load_record uses from_raw_parts to directly convert the pointer addr and len into a slice without any validation and that memory block would be dumped.
Thus, the ‘safe’ function dump_code_load_record is actually ‘unsafe’ since it requires the caller to guarantee that the addr is valid and len must not overflow. Otherwise, the function could dump the memory into file illegally, causing memory leak.
Note: this is an internal-only crate in the Wasmtime project not intended for external use and is more strongly signaled nowadays as of bytecodealliance/wasmtime#10963. Please open an issue in Wasmtime if you’re using this crate directly.
References
- bytecodealliance/wasmtime#8905
- bytecodealliance/wasmtime@b5e31a5
- https://rustsec.org/advisories/RUSTSEC-2024-0442.html
Published to the GitHub Advisory Database
Jun 17, 2025
Last updated
Jun 17, 2025