{"id":"RUSTSEC-2020-0004","summary":"sigstack allocation bug can cause memory corruption or leak","details":"An embedding using affected versions of lucet-runtime configured to use\nnon-default Wasm globals sizes of more than 4KiB, or compiled in debug mode\nwithout optimizations, could leak data from the signal handler stack to guest\nprograms. This can potentially cause data from the embedding host to leak to\nguest programs or cause corruption of guest program memory.\n\nThis flaw was resolved by correcting the sigstack allocation logic.","aliases":["CVE-2020-35859","GHSA-3933-wvjf-pcvc"],"modified":"2023-11-08T04:03:35.973145Z","published":"2020-01-24T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/lucet-runtime-internals"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0004.html"},{"type":"WEB","url":"https://github.com/bytecodealliance/lucet/pull/401"}],"affected":[{"package":{"name":"lucet-runtime-internals","ecosystem":"crates.io","purl":"pkg:cargo/lucet-runtime-internals"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.4.3"},{"introduced":"0.5.0"},{"fixed":"0.5.1"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"arch":[],"os":[]}},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0004.json","informational":null,"categories":["memory-corruption","memory-exposure"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}