openSUSE Tree-sitter Important Denial of Service Issues 20749-1

opensuse
May 19, 2026
This update resolves 10 vulnerabilities in openSUSE's tree-sitter software, ensuring enhanced security and stability.
An update that solves 10 vulnerabilities and has 12 bug fixes can now be installed.

Description

This update for tree-sitter fixes the following issues:

Security issues:

- CVE-2026-34941: wasmtime: crafted input string can lead to an out-of-bound read (bsc#1261871).

- CVE-2026-34942: wasmtime: unaligned pointers can lead to a denial of service (bsc#1261894).

- CVE-2026-34943: wasmtime: lifting `flags` component value can lead to a denial of service (bsc#1261954).

- CVE-2026-34944: wasmtime: out-of-bounds read during WebAssembly compilation can lead to a denial of service (bsc#1261963).

- CVE-2026-34945: wasmtime: incorrectly translated table.size could lead to disclosing data (bsc#1262007).

- CVE-2026-34946: wasmtime: denial of service due to WebAssembly compilation error (bsc#1261974).

- CVE-2026-34987: wasmtime: winch compiler backend may allow a sandbox-escaping memory access (bsc#1262032).

- CVE-2026-34988: wasmtime: pooling allocator instances can cause data leakage (bsc#1261968).

- CVE-2026-35186: wasmtime: translating the table.grow operator can cause a masked return...

Package List

- openSUSE Leap 16.0:

libtree-sitter0_26-0.26.8-160000.1.1

libtree-sitter0_26-x86-64-v3-0.26.8-160000.1.1

tree-sitter-0.26.8-160000.1.1

tree-sitter-devel-0.26.8-160000.1.1

References

* bsc#1259205

* bsc#1261839

* bsc#1261871

* bsc#1261894

* bsc#1261954

* bsc#1261963

* bsc#1261968

* bsc#1261974

* bsc#1262007

* bsc#1262032

* bsc#1262036

* bsc#1262040

References:

* https://www.suse.com/security/cve/CVE-2026-34941.html

* https://www.suse.com/security/cve/CVE-2026-34942.html

* https://www.suse.com/security/cve/CVE-2026-34943.html

* https://www.suse.com/security/cve/CVE-2026-34944.html

* https://www.suse.com/security/cve/CVE-2026-34945.html

* https://www.suse.com/security/cve/CVE-2026-34946.html

* https://www.suse.com/security/cve/CVE-2026-34987.html

* https://www.suse.com/security/cve/CVE-2026-34988.html

* https://www.suse.com/security/cve/CVE-2026-35186.html

* https://www.suse.com/security/cve/CVE-2026-35195.html

Severity
important

Announcement ID: openSUSE-SU-2026:20749-1
Rating: important
Affected Products: openSUSE Leap 16.0
