wasm3
cpe:2.3:a:wasm3_project:wasm3:*:*:*:*:*:*:*
- <= 0.5.0
A critical memory corruption vulnerability has been identified in wasm3 versions through 0.5.0. The issue arises in the function op_SetSlot_i32 within the file m3_exec.h, where improper validation leads to an Out-of-Bounds Write. This vulnerability is present in RELEASE builds, indicating a significant risk as it could be exploited to execute arbitrary code or cause other memory corruption issues. Additionally, the op_CallIndirect function is affected, leading to a Segmentation Fault on READ access, further confirming the memory safety defect.
Exploitation of this vulnerability causes a Segmentation Fault due to a Null Pointer Dereference, disrupting the normal execution of the application. However, the memory corruption could potentially be exploited to execute arbitrary code.
The vulnerability can be reproduced by using the wasm3 interpreter to execute a WebAssembly module that triggers the op_SetSlot_i32 or op_CallIndirect functions with invalid indices, leading to memory corruption. AddressSanitizer can be used to detect the resulting Segmentation Faults.
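The bug class described above, shown as a simplified model added here for illustration: a slot store that trusts a module-supplied index beside one that validates it, plus the equivalent check for an indirect-call table lookup. This is not wasm3's code; `frame_t`, `table_t`, `FRAME_SLOTS` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; these are NOT wasm3's data structures. */
#define FRAME_SLOTS 16u

typedef struct {
    uint64_t slots[FRAME_SLOTS]; /* operand/local slots */
    uint32_t guard;              /* stands in for adjacent memory */
} frame_t;

typedef int32_t (*func_t)(int32_t);
typedef struct { const func_t *entries; uint32_t size; } table_t;

/* Unchecked pattern: the slot index taken from the module is trusted as-is. */
void set_slot_i32_unchecked(frame_t *f, int32_t slot, int32_t value)
{
    memcpy(&f->slots[slot], &value, sizeof value); /* out of bounds unless 0 <= slot < FRAME_SLOTS */
}

/* Checked pattern: reject the index before touching memory. 0 on success, -1 on a bad slot. */
int set_slot_i32_checked(frame_t *f, int32_t slot, int32_t value)
{
    if (f == NULL || slot < 0 || (uint32_t)slot >= FRAME_SLOTS)
        return -1;
    memcpy(&f->slots[slot], &value, sizeof value);
    return 0;
}

/* Checked indirect-call lookup: NULL for an out-of-range index or missing table. */
func_t table_lookup_checked(const table_t *t, uint32_t index)
{
    if (t == NULL || t->entries == NULL || index >= t->size)
        return NULL;
    return t->entries[index];
}

int32_t add_one(int32_t x) { return x + 1; } /* constructed sample function */

int main(void)
{
    frame_t f = { .guard = 0xC0FFEEu };
    const func_t funcs[] = { add_one };
    table_t t = { funcs, 1 };
    printf("in-range store: %d\n", set_slot_i32_checked(&f, 3, 42));
    printf("out-of-range store: %d\n", set_slot_i32_checked(&f, 64, 42));
    printf("guard intact: %d\n", f.guard == 0xC0FFEEu);
    printf("lookup(7) rejected: %d\n", table_lookup_checked(&t, 7) == NULL);
    return 0;
}
```

Compiling the interpreter under test with `-fsanitize=address` makes the unchecked pattern fail loudly at the faulting store or load instead of silently corrupting adjacent memory.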