WebAssembly Binaryen BrOn Parser Assertion Failure Vulnerability

Vulnerability

An assertion failure vulnerability has been identified in WebAssembly Binaryen versions prior to 117. The issue arises in the BrOn Parser component, specifically within the IRBuilder::makeBrOn function in the file wasm-ir-builder.cpp. The vulnerability is triggered by feeding the parser malformed WebAssembly input, leading to a reachable assertion failure. The attack must be carried out locally, and the exploit is now public.

Impact

Exploitation of this vulnerability causes a program crash due to an unhandled assertion failure.

Reproduction

The vulnerability can be reproduced by building WebAssembly Binaryen with AddressSanitizer enabled, using AFL++ as the compiler. After compiling the project, the 'wasm-ctor-eval' tool can be used to evaluate a crafted WebAssembly input that triggers the assertion failure. This process involves parsing the malformed input with 'wasm-ctor-eval', which executes functions at compile time and can expose the vulnerability by causing the assertion to fail.

Remediation

Users are advised to update to WebAssembly Binaryen version 117 or later, where this vulnerability has been patched.
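The following is an added example, not part of the original advisory or of the Binaryen project: it flags installed builds older than the fixed release and runs a Binaryen tool in a child process so that an assertion abort is recorded as a rejected input instead of stopping the calling pipeline. The "--version" output format shown in the comments and the function names are assumptions.

```python
import re
import signal
import subprocess

FIXED_VERSION = 117  # per the advisory: versions prior to 117 are affected


def binaryen_version(version_output):
    """Extract the release number from a tool's --version output.

    Assumed format (constructed sample): 'wasm-opt version 116 (version_116)'.
    Returns None when no release number can be found.
    """
    match = re.search(r"\bversion (\d+)\b", version_output)
    return int(match.group(1)) if match else None


def is_affected(version_output):
    """True when the build predates the fix or cannot be identified."""
    version = binaryen_version(version_output)
    # An unparseable version is treated as affected so it gets reviewed.
    return version is None or version < FIXED_VERSION


def run_contained(argv, timeout=30):
    """Run a Binaryen tool on untrusted input in a child process.

    Returns 'ok', 'error', 'aborted' (SIGABRT, which is what a failed
    assert() raises), 'killed' (another signal) or 'timeout'.
    """
    try:
        proc = subprocess.run(argv, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode == -signal.SIGABRT:
        return "aborted"
    if proc.returncode < 0:
        return "killed"
    return "ok" if proc.returncode == 0 else "error"


if __name__ == "__main__":
    # Constructed sample strings, not captured from a real installation.
    for sample in ("wasm-ctor-eval version 116 (version_116)",
                   "wasm-ctor-eval version 117 (version_117)"):
        print(sample, "->", "affected" if is_affected(sample) else "patched")
```

An "aborted" result from a build that is_affected() flags is the crash described under Impact; the input should be rejected and the tool upgraded.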

Added: May 11, 2026, 2:21 AM
Updated: May 11, 2026, 2:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 8.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.