Cargo/Wasmtime-Wasi | GitLab Advisory Database (GLAD)

Advisories for Cargo/Wasmtime-Wasi package

2026

wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

In wasmtime-wasi, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with OpenFlags::TRUNCATE oflag only, for example: dir_descriptor.open_at( PathFlags::empty(), FILENAME, OpenFlags::TRUNCATE, DescriptorFlags::READ, ) wasip1::path_open( dir_fd, 0, FILENAME, wasip1::OFLAGS_TRUNC, wasip1::RIGHTS_FD_READ, 0, 0 ) The root cause is that the clause that considered OpenFlags::TRUNCATE did not set open_mode …

2025

Wasmtime CLI is vulnerable to host panic through its fd_renumber function

A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling path_open after calling fd_renumber with either: two equal argument values second argument being equal to a previously-closed file descriptor number value The corrupt state introduced in fd_renumber will lead to the subsequent opening of a file descriptor to …