x/vulndb: add GO-2022-0247 for CVE-2021-38297
Fixes golang/vulndb#247
Change-Id: I88ff26f82843776ff9df9c15c981cca035faae92
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/407994
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/reports/GO-2022-0247.yaml b/reports/GO-2022-0247.yaml
new file mode 100644
index 0000000..b31d466
--- /dev/null
+++ b/reports/GO-2022-0247.yaml
@@ -0,0 +1,39 @@
+packages:
+ - module: std
+ package: cmd/link
+ symbols:
+ - Link.address
+ versions:
+ - fixed: 1.16.9
+ - introduced: 1.17.0
+ fixed: 1.17.2
+ - module: std
+ package: misc/wasm
+ symbols:
+ - run
+ versions:
+ - fixed: 1.16.9
+ - introduced: 1.17.0
+ fixed: 1.17.2
+description: |
+ When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
+ passing very large arguments can cause portions of the module to be
+ overwritten with data from the arguments due to a buffer overflow error.
+
+ If using wasm_exec.js to execute WASM modules, users will need to replace
+ their copy (as described in
+ https://golang.org/wiki/WebAssembly#getting-started) after rebuilding any
+ modules.
+cves:
+ - CVE-2021-38297
+os:
+ - js
+arch:
+ - wasm
+credit: Ben Lubar
+links:
+ pr: https://go.dev/cl/354571
+ commit: https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
+ context:
+ - https://go.dev/issue/48797
+ - https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A