WebAssembly Wabt Heap-Based Buffer Overflow Vulnerability in Export Handling

Vulnerability

A heap-based buffer overflow (out-of-bounds read) has been identified in WebAssembly Wabt version 1.0.36. The issue is in the function 'wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport', located in 'wabt/src/interp/binary-reader-interp.cc' at line 693. It is triggered when the binary reader processes certain malformed modules: in the first case of the switch statement (exports of function kind), the reader calls 'FuncType::Clone()' on the referenced function type, and for the malformed input this read goes past the end of a heap allocation. AddressSanitizer reports it as a heap-buffer-overflow; without the sanitizer the interpreter crashes with a segmentation fault.

Impact

Exploitation causes an out-of-bounds heap read followed by a segmentation fault, crashing the interpreter. The practical effect is a denial of service for any tool or service that loads untrusted WebAssembly modules through Wabt's interpreter (wasm-interp and anything linked against the interp library). The report demonstrates only a read; arbitrary code execution is not shown and should not be assumed from this crash alone.

Reproduction

The vulnerability can be reproduced by building Wabt 1.0.36 with AddressSanitizer enabled (the project's CMake build exposes a USE_ASAN option for this) and then running a fuzzing harness, or wasm-interp itself, on a malformed WebAssembly binary whose export section refers to a function index the module does not define. Feeding such input into the 'BinaryReaderInterp' component triggers the fault, which AddressSanitizer reports as a heap-buffer-overflow with a stack trace ending in 'BinaryReaderInterp::OnExport'. The exact crashing input is not included in the report, so confirm the location from the ASan trace rather than from the input alone.

Remediation

Users are advised to update to the latest version of WebAssembly Wabt, where this vulnerability has been addressed (the fixed release is not named in the report; check the project's changelog for the version that follows 1.0.36). Until then, do not run untrusted or fuzzed modules through the Wabt interpreter, or validate them with an independent tool first. Note that this is an interpreter-side parsing bug, so running the same module in a different engine is not affected by it.
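The report above describes the failure mode (an export whose index is used to look up a function type that the module does not define) but includes neither the harness nor the check that prevents it. The following is an added example, not Wabt's code: a minimal WebAssembly binary reader that walks the section list and validates each function export's index against the number of declared functions before the index is used for any lookup, together with a builder for a small constructed module whose export index can be set out of range. It serves both the Reproduction section (how to construct the malformed input) and the Remediation section (what the bounds check looks like). The section ids, LEB128 encoding and export layout are from the WebAssembly binary format; all names here (demo::Cursor, demo::ParseModule, demo::BuildModule) are this example's own, and the module bytes are hand-constructed.

```cpp
// Added example (not Wabt's code): bounds-checked parsing of the export
// section of a WebAssembly module. Section ids and encodings follow the
// WebAssembly binary format; the module below is constructed by hand.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

namespace demo {

// Byte cursor with bounds checks: a read past the end flips `ok` instead
// of touching memory outside the buffer.
struct Cursor {
  const std::vector<uint8_t>& buf;
  size_t pos = 0;
  bool ok = true;

  uint8_t Byte() {
    if (pos >= buf.size()) { ok = false; return 0; }
    return buf[pos++];
  }
  // Unsigned LEB128 u32 (at most 5 bytes).
  uint32_t U32() {
    uint32_t result = 0;
    for (unsigned shift = 0; shift < 35 && ok; shift += 7) {
      uint8_t b = Byte();
      result |= uint32_t(b & 0x7f) << shift;
      if (!(b & 0x80)) return result;
    }
    ok = false;
    return 0;
  }
};

struct Export {
  std::string name;
  uint8_t kind;    // 0 = func, 1 = table, 2 = mem, 3 = global
  uint32_t index;
};

enum class Status { Ok, Malformed, BadExportIndex };

// Walks the section list (id 3 = function section, id 7 = export section)
// and validates function exports. Imported functions are not counted in
// this demo; a full reader adds them to the function index space first.
// An export section that precedes the function section is rejected too,
// since num_funcs is still zero at that point.
Status ParseModule(const std::vector<uint8_t>& bytes, std::vector<Export>* out) {
  Cursor c{bytes};
  const uint8_t kHeader[8] = {0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00};
  for (uint8_t expected : kHeader) {
    if (c.Byte() != expected) return Status::Malformed;
  }
  uint32_t num_funcs = 0;
  while (c.ok && c.pos < bytes.size()) {
    uint8_t id = c.Byte();
    uint32_t size = c.U32();
    if (!c.ok || size > bytes.size() - c.pos) return Status::Malformed;
    size_t end = c.pos + size;
    if (id == 3) {
      num_funcs = c.U32();
      for (uint32_t i = 0; i < num_funcs && c.ok; ++i) c.U32();  // type indices
    } else if (id == 7) {
      uint32_t count = c.U32();
      for (uint32_t i = 0; i < count && c.ok; ++i) {
        uint32_t len = c.U32();
        if (!c.ok || len > bytes.size() - c.pos) return Status::Malformed;
        std::string name(bytes.begin() + c.pos, bytes.begin() + c.pos + len);
        c.pos += len;
        uint8_t kind = c.Byte();
        uint32_t index = c.U32();
        if (!c.ok) return Status::Malformed;
        // The check that keeps a later lookup such as func_types[index]
        // inside the allocation: reject before the index is ever used.
        if (kind == 0 && index >= num_funcs) return Status::BadExportIndex;
        out->push_back(Export{name, kind, index});
      }
    }
    if (!c.ok || c.pos > end) return Status::Malformed;  // section overrun
    c.pos = end;  // skip unparsed remainder or an unknown section
  }
  return c.ok ? Status::Ok : Status::Malformed;
}

// Constructed module: one (void)->void function, exported as "f" under the
// given function index. Index 0 is valid; anything else is out of range.
std::vector<uint8_t> BuildModule(uint32_t export_index) {
  std::vector<uint8_t> m = {0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00};
  m.insert(m.end(), {0x01, 0x04, 0x01, 0x60, 0x00, 0x00});  // type section
  m.insert(m.end(), {0x03, 0x02, 0x01, 0x00});              // function section
  std::vector<uint8_t> exp = {0x01, 0x01, 'f', 0x00};       // count, "f", kind func
  uint32_t v = export_index;                                // index as LEB128
  do { uint8_t b = v & 0x7f; v >>= 7; if (v) b |= 0x80; exp.push_back(b); } while (v);
  m.push_back(0x07);
  m.push_back(uint8_t(exp.size()));
  m.insert(m.end(), exp.begin(), exp.end());
  m.insert(m.end(), {0x0a, 0x04, 0x01, 0x02, 0x00, 0x0b});  // code: one empty body
  return m;
}

}  // namespace demo

int main() {
  std::vector<demo::Export> exports;
  demo::Status good = demo::ParseModule(demo::BuildModule(0), &exports);
  std::printf("index 0: status %d, %zu export(s)\n", int(good), exports.size());
  exports.clear();
  demo::Status bad = demo::ParseModule(demo::BuildModule(5), &exports);
  std::printf("index 5: status %d (2 = out-of-range export rejected)\n", int(bad));
  return 0;
}
```

BuildModule(5) yields the shape of input the report describes: a module with a single function whose export section points at function 5. A reader that indexes its function-type table with that value before checking it reads past the table; the version above returns BadExportIndex instead. Truncated input is caught the same way, since every read goes through the bounds-checked cursor and every section size is checked against the bytes that remain.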

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.