2406269 – (CVE-2025-62711) CVE-2025-62711 wasmtime: Wasmtime vulnerable to segfault when using component resources

Bug 2406269 (CVE-2025-62711) - CVE-2025-62711 wasmtime: Wasmtime vulnerable to segfault when using component resources

Summary: CVE-2025-62711 wasmtime: Wasmtime vulnerable to segfault when using component...

Keywords:
Status:	NEW
Alias:	CVE-2025-62711
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-24 22:01 UTC by OSIDB Bzimport
Modified:	2025-10-28 20:46 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-24 22:01:48 UTC

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.

Note You need to log in before you can comment on or make changes to this bug.