CVE-2021-38297

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

07 Nov 2023, 03:37

Type Values Removed Values Added
References
  • {'url': 'https://groups.google.com/forum/#!forum/golang-announce', 'name': 'https://groups.google.com/forum/#!forum/golang-announce', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MISC'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/', 'name': 'FEDORA-2021-2b2dd1b5a7', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/', 'name': 'FEDORA-2021-2ef35beebf', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/ -
  • () https://groups.google.com/forum/#%21forum/golang-announce -

20 Apr 2023, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html -

08 Sep 2022, 21:48

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202208-02 - (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory

04 Aug 2022, 16:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-02 -

01 Apr 2022, 20:09

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/ - Mailing List, Third Party Advisory
First Time Fedoraproject fedora
Fedoraproject
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

16 Dec 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/ -

28 Nov 2021, 23:34

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0006/ - Third Party Advisory

18 Nov 2021, 08:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0006/ -

21 Oct 2021, 16:31

Type Values Removed Values Added
References (CONFIRM) https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A - (CONFIRM) https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A - Mailing List, Release Notes, Third Party Advisory
References (MISC) https://groups.google.com/forum/#!forum/golang-announce - (MISC) https://groups.google.com/forum/#!forum/golang-announce - Mailing List, Third Party Advisory
CPE cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-120

18 Oct 2021, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-18 06:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-38297

Mitre link : CVE-2021-38297

CVE.ORG link : CVE-2021-38297


JSON object : View

Products Affected

golang

  • go

fedoraproject

  • fedora
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')