How severe is CVE-2022-39393?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2022-39393?

This is classified as CWE-226, which is a common weakness in software security.

CVE-2022-39393 - HIGH Severity | CVSS 8.6

Vulnerability Description

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`.

Related Vulnerabilities

CVE-2018-7166

HIGH

CVSS:7.5(High)

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or...

CWE-2262018

CVE-2024-38275

HIGH

CVSS:7.5(High)

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CWE-2262024

CVE-2023-41138

MEDIUM

CVSS:6.7(Medium)

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

CWE-2262023

CVE-2018-7166

HIGH

CVSS:7.5(High)

CWE-2262018

CVE-2024-38275

HIGH

CVSS:7.5(High)

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CWE-2262024

CVE-2023-41138

MEDIUM

CVSS:6.7(Medium)

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

CWE-2262023