When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments due to a buffer overflow error.

If using wasm_exec.js to execute WASM modules, users will need to replace their copy (as described in https://golang.org/wiki/WebAssembly#getting-started) after rebuilding any modules.

CPENameOperatorVersion
toolchainlt1.16.9
toolchainge1.17.0-0
toolchainlt1.17.2

Name	Operator	Version
toolchain	lt	1.16.9
toolchain	ge	1.17.0-0
toolchain	lt	1.17.2

References

go.dev/cl/354571

go.dev/issue/48797

go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4

groups.google.com/g/golang-announce/c/AEBu9j7yj5A

alpinelinux 1

cbl_mariner 2

openvas 16

debiancve 1

freebsd 1

suse 3

nessus 34

ubuntucve 1

redhatcve 1

altlinux 1

prion 1

githubexploit 2

veracode 1

nvd 1

osv 5

cvelist 1

cve 1

cnvd 1

ibm 5

photon 5

mageia 1

fedora 2

redhat 3

amazon 4

oraclelinux 1

rocky 1

almalinux 1

debian 1

gentoo 1

alpinelinux

CVE-2021-38297

2021-10-18 06:15:06

cbl_mariner

CVE-2021-38297 affecting package golang 1.16.7-1

2021-11-06 00:29:54

CVE-2021-38297 affecting package golang for versions less than 1.17.8-1

2022-04-26 19:57:46

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1166)

2022-02-24 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3487-1)

2021-10-21 00:00:00

openSUSE: Security Advisory for go1.16 (openSUSE-SU-2021:3487-1)

2021-10-21 00:00:00

debiancve

CVE-2021-38297

2021-10-18 06:15:06

freebsd

go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data

2021-10-06 00:00:00

suse

Security update for go1.16 (moderate)

2021-10-20 00:00:00

Security update for go1.17 (moderate)

2021-10-20 00:00:00

Security update for go1.16 (moderate)

2021-10-31 00:00:00

nessus

openSUSE 15 Security Update : go1.17 (openSUSE-SU-2021:3488-1)

2021-10-21 00:00:00

openSUSE 15 Security Update : go1.16 (openSUSE-SU-2021:1420-1)

2021-11-01 00:00:00

FreeBSD : go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data (4fce9635-28c0-11ec-9ba8-002324b2fba8)

2021-10-11 00:00:00

ubuntucve

CVE-2021-38297

2021-10-18 00:00:00

redhatcve

CVE-2021-38297

2021-10-11 14:49:54

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.2-alt1

2021-10-11 00:00:00

prion

Buffer overflow

2021-10-18 06:15:00

githubexploit

Exploit for Classic Buffer Overflow in Golang Go

2023-11-15 20:52:36

Exploit for Classic Buffer Overflow in Golang Go

2024-04-04 01:17:05

veracode

Denial Of Service (DoS)

2021-10-11 04:53:12

nvd

CVE-2021-38297

2021-10-18 06:15:06

osv

CVE-2021-38297

2021-10-18 06:15:06

BIT-golang-2021-38297

2024-03-06 11:04:15

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

cvelist

CVE-2021-38297

2021-10-18 00:00:00

cve

CVE-2021-38297

2021-10-18 06:15:06

cnvd

Google Go buffer error vulnerability

2021-10-24 00:00:00

ibm

Security Bulletin: IBM Event Streams affected by potential buffer overflow in Golang (CVE-2021-38297)

2021-12-21 17:51:25

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

2022-08-25 02:03:35

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

2023-11-20 13:37:57

photon

Critical Photon OS Security Update - PHSA-2021-3.0-0321

2021-10-29 00:00:00

Critical Photon OS Security Update - PHSA-2021-0130

2021-11-29 00:00:00

Critical Photon OS Security Update - PHSA-2021-4.0-0130

2021-11-28 00:00:00

mageia

Updated golang packages fix security vulnerability

2021-10-13 22:39:52

fedora

[SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35

2021-12-16 01:18:21

[SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34

2021-12-16 01:14:10

redhat

(RHSA-2022:0432) Moderate: Release of OpenShift Serverless Client kn 1.20.0

2022-02-03 15:51:33

(RHSA-2022:1819) Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0

2022-02-03 17:07:25

amazon

Important: golang

2022-04-25 15:59:00

Important: golang

2022-07-06 03:11:00

Important: golang

2022-04-25 03:47:00

oraclelinux

go-toolset:ol8 security and bug fix update

2022-05-17 00:00:00

rocky

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

almalinux

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

debian

[SECURITY] [DLA 3395-1] golang-1.11 security update

2023-04-19 21:42:48

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for OSV:GO-2022-0247