Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Local vector and low privileges required because exploitation needs access to the embedding process's wasm inputs; no confidentiality or integrity impact, only gradual availability degradation from memory exhaustion.
Primary rating from Vendor (https://github.com/bytecodealliance/wasmtime).
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
3DescriptionGitHub Advisory
Impact
Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If anyref or externref is not used in the C/C++ API then embeddings are also unaffected by the leaky behavior. The wasmtime Rust crate is unaffected by this leak.
Development of Wasmtime 37.0.0 included a refactoring in Rust of changing the old ManuallyRooted<T> type to a new OwnedRooted<T> type. This change was integrated into Wasmtime's C API but left the C API in a state which had memory leaks. Additionally the new ownership semantics around this type were not reflected into the C++ API, making it leak-prone. A short version of the change is that previously ManuallyRooted<T>, as the name implies, required manual calls to an "unroot" operation. If this was forgotten then the memory was still cleaned up when the wasmtime_store_t itself was destroyed eventually. Documentation of when to "unroot" was sparse and there were already situations prior to 37.0.0 where memory would be leaked until the store was destroyed anyway. All memory, though, was always bound by the store, and destroying the store would guarantee that there were no memory leaks.
In migrating to OwnedRooted<T> the usage of the type in Rust changed. A manual "unroot" operation is no longer required and it happens naturally as a destructor of the OwnedRooted<T> type in Rust itself. These new resource ownership semantics were not fully integrated into the preexisting semantics of the C/C++ APIs in Wasmtime. A crucial distinction of OwnedRooted<T> vs ManuallyRooted<T> is that the OwnedRooted<T> type allocates host memory outside of the store. This means that if an OwnedRooted<T> is leaked then destroying a store does not release this memory and it's a permanent memory leak on the host. This led to a few distinct, but related, issues arising:
- A typo in the
wasmtime_val_unrootfunction in the C API meant that it did not actually unroot anything. This meant that even if embedders faithfully call the function then memory will be leaked. - If a host-defined function returned a
wasmtime_{externref,anyref}_tvalue then the value was never unrooted. The C/C++ API no longer has access to the value and the Rust implementation did not unroot. This meant that any values returned this way were never unrooted. - The goal of the C++ API of Wasmtime is to encode automatic memory management in the type system, but the C++ API was not updated when
OwnedRooted<T>was added. This meant that idiomatic usage of the C++ API would leak memory due to a lack of destructors on values.
These issues have all been fixed in a 37.0.2 release of Wasmtime. The implementation of the C and C++ APIs have been updated accordingly and respectively to account for the changes of ownership here. For example wasmtime_val_unroot has been fixed to unroot, the Rust-side implementation of calling an embedder-defined function will unroot return values, and the C++ API now has destructors on the ExternRef, AnyRef, and Val types. These changes have been made to the 37.0.x release branch in a non-API-breaking fashion. Changes to the 38.0.0 release branch (and main in the Wasmtime repository) include minor API updates to better accomodate the API semantic changes.
Patches
Wasmtime 37.0.2 has been released which fixes these issues. Users of 37.0.0 and 37.0.1 are recommended to upgrade. Users of 36.0.x and prior are unaffected and need not upgrade.
Workarounds
The only known workaround at this time is to avoid using externref and anyref in the C/C++ API of Wasmtime. If avoiding those types is not possible then it's required for users to update to mitigate the leak issue.
Remediations
The Wasmtime project will be looking more closely into improving the situation around testing the C and C++ APIs of Wasmtime in the near future. For example we plan to integrate ASAN testing to discover leaks and errors earlier on in the development process. We're also going to look into expanding the test coverage of the C/C++ APIs to catch issues like this earlier on in development in the future.
AnalysisAI
Memory leak regression in Wasmtime 37.0.0 and 37.0.1 causes permanent host-process memory exhaustion when C/C++ embeddings use externref or anyref WebAssembly reference types. The refactoring from ManuallyRooted<T> to OwnedRooted<T> introduced three distinct defects - a no-op typo in wasmtime_val_unroot, unreleased return values from host-defined callbacks, and missing C++ destructors - that collectively prevent GC roots from ever being freed, even after the WebAssembly store is destroyed. No public exploit confirmed in CISA KEV; a proof-of-concept is publicly available, but EPSS at 0.18% (7th percentile) and SSVC exploitation status of none indicate minimal active threat.
Technical ContextAI
Wasmtime is a fast, secure WebAssembly runtime developed by the Bytecode Alliance, implemented in Rust and exposed to native applications via C and C++ APIs. The affected packages are pkg:rust/wasmtime-c-api-impl (versions >= 37.0.0, < 37.0.2) and pkg:pip/wasmtime-bin (< 37.0.2). CWE-772 (Missing Release of Resource after Effective Lifetime) captures the root cause: the 37.0.0 refactoring replaced ManuallyRooted<T> - which allocated GC roots inside the WebAssembly store so store destruction acted as a memory backstop - with OwnedRooted<T>, which allocates host memory outside the store and relies on Rust RAII destructors. Because the C/C++ API wrappers were not updated to reflect these new ownership semantics, OwnedRooted<T> instances escape Rust's destructor lifecycle and are never freed. A typo in wasmtime_val_unroot meant that even correct embedder usage silently failed to release memory, host-callback return values of wasmtime_externref_t/wasmtime_anyref_t were never unrooted on the Rust side, and the C++ ExternRef, AnyRef, and Val wrapper types lacked copy/move constructors and destructors entirely.
RemediationAI
Vendor-released patch: Wasmtime 37.0.2. Upgrade immediately from 37.0.0 or 37.0.1 to 37.0.2, available at https://github.com/bytecodealliance/wasmtime/releases/tag/v37.0.2. The fix (commit adff9d9d0f09569203709d5687e5a7dc8e1ad0a3) corrects the wasmtime_val_unroot typo so it actually unroots the value, adds Rust-side unrooting of return values from host-defined functions that return wasmtime_externref_t or wasmtime_anyref_t, and adds proper copy constructor, move constructor, and destructor to the C++ ExternRef, AnyRef, and Val types. Users of 36.0.x and earlier need not upgrade for this issue. The only supported workaround for embedders who cannot upgrade is to avoid using externref and anyref in the C/C++ API entirely; this eliminates the leak surface but may require significant API refactoring. No generic network-level compensating controls are applicable to this local resource-management defect.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-33183
GHSA-vvp9-h8p2-xwfc