New whitepaper – Memory safety: old vulnerabilities become new with WebAssembly

Thursday, Dec 06, 2018

Throughout 2018 we have made a number of blog posts on WebAssembly (Wasm). Since Wasm is a relatively new technology, one of the things we wanted to look into was whether support for Wasm in web browsers and adoption of Wasm for developing web applications brings new vulnerability classes to the web.

In order to make our research more broadly accessible, we decided to make it available as a whitepaper.

What is old becomes new

It turns out that vulnerability classes that typically do not exist in web applications enter the web app context with the advent of Wasm. These vulnerability classes are not new in themselves; they date from the '90s. They are new only in the sense that they have typically not been seen in a web app context before Wasm came along. In this whitepaper, we will look at some examples of these vulnerability classes.

Specifically, most issues we will cover are related to memory safety, and the old vulnerability classes we will look at are the following:

  • Buffer overflow
  • Buffer overread in an integer overflow scenario
  • Function pointer overwrite: redirection of execution to similar function
  • Function pointer overwrite: redirection of execution to non-similar function
  • Format string bugs

Our viewpoint is how these vulnerability classes may affect Wasm web applications written in memory-unsafe languages. The discussion of each vulnerability class is accompanied by a very simple example of vulnerable code, showing how to exploit it.

Figure 1 - Command injection against a database achieved via a buffer overflow in a Wasm module
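
A minimal model of the first class in the list, as an added example that is not taken from the whitepaper or from Forcepoint's code: Wasm linear memory is a flat byte array with no guard between neighbouring objects, so an unchecked copy into one buffer silently rewrites the data stored after it. The memory layout, function names and input string are assumptions constructed for illustration; the checked variant shows the fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a Wasm module's linear memory: one flat byte array.
   The layout is an assumption: a 16-byte input buffer, then a query string. */
#define NAME_OFF  0
#define NAME_LEN  16
#define QUERY_OFF 16
#define QUERY_LEN 48
static uint8_t linear_mem[NAME_LEN + QUERY_LEN];

static void reset_memory(void) {
    memset(linear_mem, 0, sizeof linear_mem);
    strcpy((char *)&linear_mem[QUERY_OFF], "SELECT name FROM users");
}

/* Vulnerable: copies until NUL, as strcpy() would. The only limit is the end
   of linear memory, which is where a Wasm runtime would trap. */
static void store_name_unchecked(const char *input) {
    for (size_t i = 0; NAME_OFF + i < sizeof linear_mem; i++) {
        linear_mem[NAME_OFF + i] = (uint8_t)input[i];
        if (input[i] == '\0') break;
    }
}

/* Hardened: rejects input that does not fit, terminator included. */
static int store_name_checked(const char *input) {
    size_t n = strlen(input);
    if (n >= NAME_LEN) return -1;
    memcpy(&linear_mem[NAME_OFF], input, n + 1);
    return 0;
}

static const char *current_query(void) {
    return (const char *)&linear_mem[QUERY_OFF];
}

int main(void) {
    const char *input = "AAAAAAAAAAAAAAAAOVERWRITTEN"; /* constructed input */
    reset_memory();
    store_name_unchecked(input);
    printf("after unchecked copy: %s\n", current_query());
    reset_memory();
    int rc = store_name_checked(input);
    printf("after checked copy (rc=%d): %s\n", rc, current_query());
    return 0;
}
```

No trap or crash occurs in the unchecked case because every write stays inside linear memory; the corruption is only visible in what the module later does with the neighbouring data.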

We will also briefly look at Wasm in terms of Use-After-Free bugs, before rounding off with a high-level comparison of exploitation of Wasm applications vs native applications.

Download link

The full technical analysis is available for download here.

About the Author

John Bergbom

Senior Security Researcher

John Bergbom is a Senior Security Researcher on Forcepoint’s Special Investigations team within Forcepoint Security Labs. He investigates topics ranging from malware analysis and reverse engineering to the security implications of new technologies. From previous roles, he has...