New whitepaper – Memory safety: old vulnerabilities become new with WebAssembly
Throughout 2018 we have made a number of blog posts on WebAssembly (Wasm). Since Wasm is a relatively new technology, one of the things we wanted to look into was whether support for Wasm in web browsers and adoption of Wasm for developing web applications brings new vulnerability classes to the web.
In order to make our research more broadly accessible, we decided to make it available as a whitepaper.
What is old becomes new
It turns out that vulnerability classes that typically do not exist in web applications enter into the web app context with the advent of Wasm. Actually, these vulnerability classes are not new in themselves, rather they are from the 90’s – but they are new in the sense that they have typically not been seen in a web app context before Wasm came along. In this whitepaper, we will look at some examples of these vulnerability classes.
It turns out that vulnerability classes that typically do not exist in web applications enter into the web app context with the advent of Wasm.
Specifically, most issues we will cover are related to memory safety, and the old vulnerability classes we will look at are the following:
- Buffer overflow
- Buffer overread in an integer overflow scenario
- Function pointer overwrite: redirection of execution to similar function
- Function pointer overwrite: redirection of execution to non-similar function
- Format string bugs
Our viewpoint for these is how these vulnerability classes may affect Wasm web applications written in memory-unsafe languages. The discussion of each vulnerability class is accompanied by some very simple example of vulnerable code, showing how to exploit it.
We will also briefly look at Wasm in terms of Use-After-Free bugs, before rounding up with a high-level comparison of exploitation of Wasm applications vs native applications.
Download link
The full technical analysis is available for download here.
