Wren-Lang Wren Null Pointer Dereference Vulnerability in Compiler Function

Vulnerability

A null pointer dereference vulnerability has been identified in Wren-Lang Wren versions through 0.4.0. The issue arises in the compiler function 'getByteCountForArguments' within 'src/vm/wren_compiler.c'. This vulnerability occurs during the compilation of for loops, particularly if they are nested or located within a class method. The problem leads to a segmentation fault, as the compiler attempts to access a struct member from a null pointer, causing a crash. This vulnerability requires local access to exploit.

Impact

Exploitation of this vulnerability causes a segmentation fault: the application attempts to read memory through a null pointer and crashes.

Reproduction

The vulnerability can be reproduced by compiling a Wren script that includes for loops, especially if they are nested or within a class method. This can be done by building Wren with release optimization and AddressSanitizer (ASan) enabled, and then running the Wren interpreter with the crafted script that triggers the null pointer dereference.

Added: Mar 1, 2026, 10:20 AM
Updated: Mar 1, 2026, 10:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 3.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.