CVE-2021-38297

Name: CVE-2021-38297
Description: Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
NVD Severity: high

References

Type | URI
CONFIRM | https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
MISC | https://groups.google.com/forum/#!forum/golang-announce
Third Party Advisory | https://security.netapp.com/advisory/ntap-20211118-0006/
FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/
FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | go | >= None | < 1.16.9
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | go | >= 1.17.0 | < 1.17.2

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status