CVE Vulnerabilities

CVE-2026-34945

Incorrect Conversion between Numeric Types

Published: Apr 09, 2026 | Modified: Jun 17, 2026
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
5.6 MODERATE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtimes Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the hosts stack to WebAssembly guests. The hosts stack can possibly contain sensitive data related to other host-originating operations which is not intended to be disclosed to guests. This bug specifically arose from a mistake where the return value of table.size was statically typed as a 32-bit integer, as opposed to consulting the tables index type to see how large the returned register could be. When combined with details about Wnichs ABI, such as multi-value returns, this can be combined to read stack data from the host, within a guest. This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1.

Weakness

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Affected Software

NameVendorStart VersionEnd Version
WasmtimeBytecodealliance25.0.0 (including)36.0.7 (excluding)
WasmtimeBytecodealliance37.0.0 (including)42.0.2 (excluding)
WasmtimeBytecodealliance43.0.0 (including)43.0.1 (excluding)
Rust-wasmtimeUbuntuquesting*

Potential Mitigations

References