CVE-2021-38297

Published: 18/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Go prior to 1.16.9 and 1.17.x prior to 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Vulnerable Product

golang go

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Synopsis: Moderate: Release of OpenShift Serverless Client kn 1200. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless Client kn 1200. Red Hat Product Security has rated this update as having a ...
Synopsis: Moderate: Release of OpenShift Serverless 1200. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless 1200. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo ...
A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. (CVE-2021-38297) An out of bounds read vulnerability was found in ...
A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic, resulting in a denial of service. The highest threat from this vulnera ...
A validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. (CVE-2021-38297) A vulnerability was found in archive/zip of the G ...
A security issue has been found in go before version 1.17.2. When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasm_exec.js to execute WASM modules, users will need to replace their copy (as described in ...

Github Repositories

A Proof of concept scenario for exploitation of CVE-2021-38297 GO WASM buffer-overflow

Exploiting CVE-2021-38297: Vulnerability in GO Wasm Buffer Overflow. Overview of the Vulnerability: WebAssembly (WASM) serves as a binary instruction format executable in most modern web browsers. It acts as a compilation target for various high-level languages like C, C++, Rust, and GO, allowing code to be written in these languages and compiled into WASM. CVE-2021-38297 highlig

Set of CVE presentations for Hacking101

CVE Presentations: Set of CVE presentations for 18-739D: Special Topics in Security: Hacking 101 course at CMU. CVE-2020-36318: First CVE is a buffer overflow vulnerability in the Rust standard library. make_contiguous in the standard library has a bug that pops the same element more than once under specific conditions. This results in double free scenarios. Rust claims to be a