wasmtime has a panic when allocating a table exceeding the size of the host's address space — CVE-2026-44216
GHSA · GitHub · CVE-2026-44216
ID
CVE-2026-44216
CVE-2026-44216
Date
Updated
Activity
Source
GHSA
GHSA
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
5.9
5.9
Summary
### Impact Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables can have sizes in the 64-bit range as opposed to the previous 32-bit range which would not overflow. The panic happens…
Product
rust: wasmtime
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.