WebAssembly is a binary format designed and optimized for high performance execution on the web, although it can also be used in standalone applications. Even though WebAssembly uses sandboxed execution, certain types of bugs may still be exploitable within the context of the WASM binary. Depending on the layout of the entire application, external calls, presence of untrusted data inputs and other factors, such a bug may have less important or very severe consequences.
Note: This blog post is not about exploiting WebAssembly itself. It provides sandboxed execution and was never designed to prevent memory corruptions within the application itself. We will be going through exploitation of a basic buffer overflow in an example application compiled to WebAssembly. Triggering a buffer overflow inside WebAssembly does not escape the sandbox and it does not corrupt memory outside the sandbox, the only affected memory is the linear memory of the WebAssembly module.
Here we'll demonstrate a simple buffer overflow exploit in code intentionally written to be exploitable for the purpose of this blog post. Real world applications may require more or less work depending on circumstances.