WebAssembly Wabt Null Pointer Dereference Vulnerability in Binary Reader Interp Module

Vulnerability

A null pointer dereference vulnerability has been identified in WebAssembly Wabt version 1.0.36. The issue occurs in the 'BinaryReaderInterp::BeginFunctionBody' function within the 'src/interp/binary-reader-interp.cc' file. This vulnerability arises because the function fails to validate a pointer before accessing it, leading to a potential application crash. The vulnerability can be exploited remotely, although the exploitation process is complex and challenging.

Impact

Exploitation of this vulnerability triggers a null pointer dereference, which causes a segmentation fault and crashes the application. The impact is on the availability of the application.

Reproduction

The vulnerability can be reproduced by compiling Wabt with AddressSanitizer enabled, which detects memory errors at run time. After building Wabt, a fuzzer can be used to supply crafted input that triggers the null pointer dereference. AddressSanitizer then reports the segmentation fault caused by the invalid memory access, demonstrating the vulnerability.
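
An added example, not from the original advisory or the Wabt project: a small triage script that reads an AddressSanitizer SEGV report like the one described above, decides whether the fault address lies in the zero page (a null pointer dereference), and extracts the top frame for grouping duplicate fuzzer crashes. The sample report is constructed; its addresses, line numbers and second frame are placeholders, and the 4 KiB zero-page threshold is an assumption.

```python
import re

# Constructed AddressSanitizer report: addresses, line numbers and frame #1
# are placeholders, not output captured from a real Wabt run.
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
==12345==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000000401000 bp 0x7ffc00000010 sp 0x7ffc00000000 T0)
==12345==The signal is caused by a READ memory access.
==12345==Hint: address points to the zero page.
    #0 0x401000 in BinaryReaderInterp::BeginFunctionBody src/interp/binary-reader-interp.cc:1:1
    #1 0x402000 in caller_placeholder placeholder.cc:1:1
SUMMARY: AddressSanitizer: SEGV src/interp/binary-reader-interp.cc:1:1 in BinaryReaderInterp::BeginFunctionBody
"""

ERROR_RE = re.compile(
    r"ERROR: AddressSanitizer: (?P<kind>\S+) on unknown address "
    r"0x(?P<addr>[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"caused by a (?P<access>READ|WRITE) memory access")
FRAME_RE = re.compile(
    r"^\s*#(?P<n>\d+) 0x[0-9a-fA-F]+ in (?P<func>.+?) (?P<file>\S+?):\d+")

NULL_PAGE = 0x1000  # assumption: faults below 4 KiB count as null derefs


def triage(report):
    """Summarise one ASan SEGV report; return None if it is not a SEGV."""
    err = ERROR_RE.search(report)
    if err is None or err.group("kind") != "SEGV":
        return None
    addr = int(err.group("addr"), 16)
    access = ACCESS_RE.search(report)
    frames = [m.groupdict() for m in
              (FRAME_RE.match(line) for line in report.splitlines()) if m]
    top = frames[0] if frames else {"func": "?", "file": "?"}
    return {
        "fault_address": addr,
        "null_deref": addr < NULL_PAGE,
        "access": access.group("access") if access else "UNKNOWN",
        "function": top["func"],
        "file": top["file"],
        # Stable key for grouping duplicate fuzzer crashes.
        "bucket": f"{top['func']}@{top['file']}",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

A small non-zero fault address, as in the sample, usually means a member was read through a null object pointer, so the top frame's function is where a missing pointer check should be looked for first.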

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.