graphprotocol / graph-node

Graph Node indexes data from blockchains such as Ethereum and serves it over GraphQL
https://thegraph.com
Apache License 2.0

RUSTSEC-2022-0075: Bug in pooling instance allocator #4292

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Bug in pooling instance allocator

Details
Package: wasmtime
Version: 0.27.0
URL: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf
Date: 2022-11-10
Patched versions: >=1.0.2, <2.0.0,>=2.0.2

There is a bug in Wasmtime's implementation of its pooling instance allocator where, when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be erroneously visible to the next instance.

Mitigations are described here.

See advisory page for additional details.

github-actions[bot] commented 1 year ago

Looks like this issue has been open for 6 months with no activity. Is it still relevant? If not, please remember to close it.