Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly

Emmanuele Massidda;Lorenzo Pisu;Davide Maiorca;Giorgio Giacinto
2024-01-01

Abstract

WebAssembly (Wasm) has emerged as a novel approach for integrating binaries into web applications starting from various programming languages such as C, Rust and Python. Despite the numerous claims about its memory safety, issues such as buffer overflow, format strings, use after free, and integer overflow have resurfaced within Wasm. These vulnerabilities can be used to impact web application security, potentially leading to critical issues like Cross-Site Scripting (XSS) and Remote Code Execution (RCE). Our work aims to demonstrate how memory-related vulnerabilities in C code, when compiled into Wasm, can be exploited for XSS and RCE. Our methodology proposes proofs of concept related to exploiting important stack- and heap-based vulnerabilities. In particular, we demonstrate for the first time that specific vulnerabilities (such as format string) can be effectively employed to achieve arbitrary read and write in Wasm contexts. Our results pose serious concerns about the reliability of Wasm in terms of memory safety, which we believe should be addressed in the next releases.
2024
978-989-758-709-2
Web Assembly; Wasm; Software Security; Web Security
Files in this item:
File: 128524.pdf
Access: open access
Type: publisher's version (VoR)
Size: 469.29 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11584/427263
Citations
  • Scopus 0