Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseRUSTSEC-2024-0442
RUSTSEC-2024-0442:
Rust vulnerability analysis and mitigation
The unsound function dump_code_load_record uses from_raw_parts to directly convert
the pointer addr and len into a slice without any validation and that memory block
would be dumped.
Thus, the 'safe' function dumpcodeload_record is actually 'unsafe' since it requires
the caller to guarantee that the addr is valid and len must not overflow.
Otherwise, the function could dump the memory into file illegally, causing memory leak.
Note: this is an internal-only crate in the Wasmtime project not intended for external use and is more strongly signaled nowadays as of bytecodealliance/wasmtime#10963. Please open an issue in Wasmtime if you're using this crate directly.
Source: NVD
Related Rust vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management