MEDIUM
bytecodealliance
CVE published 2026-05-14
CVE-2026-44216
A denial-of-service vulnerability exists in Wasmtime's WebAssembly table allocation logic. From versions 30.0.0 through 36.0.8, 37.0.0 through 43.0.2, and 44.0.0, checked arithmetic operations panic on overflow when allocating tables with extremely large sizes. This condition is triggerable via the WebAssembly memory64 proposal, which extends table sizes to the 64-bit range. The panic occurs during module [truncated]