Is CVE-2021-43790 actively exploited?

CVE-2021-43790 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-43790?

CVE-2021-43790 has a CVSS score of 8.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2021-43790?

Patch guidance is available from bytecodealliance security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-43790.

Which products are affected by CVE-2021-43790?

1 product: bytecodealliance lucet.

Fix CVE-2021-43790 - HIGH bytecodealliance lucet

Description

Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: high
Privileges: low
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-416 · Use After Free

Metadata

Primary Vendor: BYTECODEALLIANCE
Published: 11/30/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

bytecodealliance : lucet

Remediation Guidance

Executive Summary

Cite this page

CVE-2021-43790. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2021-43790

View on NIST NVD

CVE-2021-43790 vulnerability