Vulnerability Report: GO-2022-0247
- CVE-2021-38297
- Affects: cmd/link
- Published: May 24, 2022
- Modified: Dec 13, 2023
When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments due to a buffer overflow error. If using wasm_exec.js to execute WASM modules, users will need to replace their copy (as described in https://golang.org/wiki/WebAssembly#getting-started) after rebuilding any modules.
Affected Packages
-
PathVersionsSymbols
-
before go1.16.9, from go1.17.0-0 before go1.17.2all symbols
Aliases
References
- https://go.dev/cl/354571
- https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
- https://go.dev/issue/48797
- https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
- https://vuln.go.dev/ID/GO-2022-0247.json
Credits
- Ben Lubar
Feedback
See anything missing or incorrect?
Suggest an edit to this report.