CVE-2022-31169

{"id": "CVE-2022-31169", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2022-07-22T04:15:14.463", "references": [{"url": "https://github.com/bytecodealliance/wasmtime/commit/2ba4bce5cc719e5a74e571a534424614e62ecc41", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7f6x-jwh5-m9r4", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-682"}]}], "descriptions": [{"lang": "en", "value": "Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. The translation rules for constants did not take into account whether sign or zero-extension should happen which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs. This bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds."}, {"lang": "es", "value": "Wasmtime es un tiempo de ejecuci\u00f3n independiente para WebAssembly. Se presenta un error en el generador de c\u00f3digo de Wasmtime, Cranelift, para los objetivos AArch64 donde los divisores constantes pueden resultar en resultados de divisi\u00f3n incorrectos en tiempo de ejecuci\u00f3n. Esto afecta a Wasmtime versiones anteriores a 0.38.2 y a Cranelift versiones anteriores a 0.85.2. Este problema s\u00f3lo afecta a la plataforma AArch64. Las dem\u00e1s plataformas no est\u00e1n afectadas. Las reglas de traducci\u00f3n de las constantes no ten\u00edan en cuenta si el signo o la extensi\u00f3n cero deb\u00edan producirse, lo que resultaba en la colocaci\u00f3n de un valor incorrecto en un registro cuando era encontrada una divisi\u00f3n. El impacto de este bug es que los programas que son ejecutados dentro del sandbox de WebAssembly no son comportados de acuerdo con la especificaci\u00f3n de WebAssembly. Esto significa que es hipot\u00e9ticamente posible que la ejecuci\u00f3n dentro del sandbox sea desviado y los programas WebAssembly puedan producir resultados no esperados. Esto no deber\u00eda afectar a los hosts que ejecutan WebAssembly, pero s\u00ed a la correcci\u00f3n de los programas invitados. Este error ha sido parcheado en Wasmtime versi\u00f3n 0.38.2 y en cranelift-codegen versi\u00f3n 0.85.2. No se presentan mitigaciones conocidas"}], "lastModified": "2022-08-03T18:33:49.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bytecodealliance:cranelift-codegen:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "1E1303DC-2166-4DCB-8ABE-208849CDD044", "versionEndExcluding": "0.85.1"}, {"criteria": "cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "B9C6651A-233F-40DD-AB1B-1A435F97728B", "versionEndExcluding": "0.38.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}