A newly published RustSec advisory (RUSTSEC-0000-0000) confirms that wasmtime-wasi's file permission enforcement has a hole big enough to drive a hard link through. The vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N – a 7.5 with high integrity impact and a scope change, meaning a low-privilege local attacker can overwrite files they shouldn't be able to touch from inside a WebAssembly sandbox.
The bug lives in the WASI path_link and path_rename implementations. The advisory, filed by the Wasmtime project security team, states that these operations "bypass wasmtime-wasi's FilePerms for destination." In plain terms: when a guest creates a hard link or renames a file through WASI, the runtime checks the permissions on the source but never validates whether the destination directory allows writes. If your sandbox policy relies on FilePerms to isolate tenants, this is a direct bypass.
Four Version Branches, One Fix
The advisory covers four separate patched ranges because Wasmtime maintains long-term support branches. If you're on 46.x, upgrade to 46.0.1. For 45.x, you need 45.0.3 (but stay below 46.0.0). The 36.x line requires 36.0.12, and 24.x requires 24.0.11. Unaffected versions are not listed – assume anything below those patched releases is vulnerable.
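A quick way to check a project's Cargo.lock against the patched ranges listed above. This is an added example, not code from the advisory or the Wasmtime project; the upper bounds of the 24.x and 36.x patched ranges (next major, mirroring the "stay below 46.0.0" rule given for 45.x) and the upgrade path for majors that have no LTS branch are assumptions, and the Cargo.lock fragment is constructed.

```python
import re

# Patched ranges as (lower inclusive, upper exclusive) version tuples, from the
# advisory summary. Upper bounds for the 24.x and 36.x branches are an assumption
# modelled on the explicit "stay below 46.0.0" rule for 45.x.
PATCHED_RANGES = [
    ((24, 0, 11), (25, 0, 0)),
    ((36, 0, 12), (37, 0, 0)),
    ((45, 0, 3), (46, 0, 0)),
    ((46, 0, 1), None),  # no upper bound: 46.0.1 and later are fixed
]

def parse_version(text):
    """Turn '45.0.3' into (45, 0, 3); pre-release and build suffixes are dropped."""
    core = text.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))

def is_patched(version):
    """True if this wasmtime-wasi version lies inside one of the patched ranges."""
    v = parse_version(version)
    for lower, upper in PATCHED_RANGES:
        if v >= lower and (upper is None or v < upper):
            return True
    return False

def upgrade_target(version):
    """Smallest patched release at or above `version`, or None if already patched.
    For a major with no patched branch (e.g. 40.x) this picks the next patched
    release; that is an inference, the advisory names no path for those majors."""
    if is_patched(version):
        return None
    v = parse_version(version)
    for lower, _ in PATCHED_RANGES:
        if lower > v:
            return ".".join(str(n) for n in lower)
    return None

# Matches the name/version header of each [[package]] entry in a Cargo.lock.
_PACKAGE = re.compile(r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"')

def vulnerable_versions(cargo_lock):
    """Sorted list of wasmtime-wasi versions in a Cargo.lock that are not patched
    (a lock file may pin several versions of one crate, so return them all)."""
    return sorted(
        version
        for name, version in _PACKAGE.findall(cargo_lock)
        if name == "wasmtime-wasi" and not is_patched(version)
    )

# Constructed sample Cargo.lock fragment, not taken from any real project.
SAMPLE_LOCK = '[[package]]\nname = "wasmtime"\nversion = "45.0.2"\n\n' \
              '[[package]]\nname = "wasmtime-wasi"\nversion = "45.0.2"\n'
```

Running `vulnerable_versions(SAMPLE_LOCK)` on the constructed fragment returns `['45.0.2']`, and `upgrade_target('45.0.2')` gives `'45.0.3'`.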
What This Means for Wasmtime Deployments
This isn't remote code execution, but for integrity guarantees it's arguably worse. In multi-tenant Wasmtime environments where each guest has a restricted view of the host filesystem via FilePerms, a malicious guest can link or rename a file it has source access to into a destination directory that is explicitly denied, overwriting what the host keeps there. Think shared caches, temporary directories, or configuration files the host expects to be immutable. The attack surface is local and low-privilege, but the scope change (S:C) means the compromised asset lies outside the original security boundary.
Dig into the full advisory at the Bytecode Alliance's GitHub security page (GHSA-4ch3-9j33-3pmj) for the exact code paths. If you run wasmtime-wasi in any sandboxed context – especially with user-supplied WebAssembly modules – do not assume FilePerms alone is sufficient until you've patched.
Source: create rustsec advisory for wasmtime-wasi crate: wasmtime project's G...
Domain: github.com