blob: 6d0911f050c3e488602565557511000b07a462c0 [file] [log] [blame]
id: GO-2022-0247
modules:
- module: cmd
versions:
- fixed: 1.16.9
- introduced: 1.17.0-0
- fixed: 1.17.2
vulnerable_at: 1.17.1
packages:
- package: cmd/link
goos:
- js
goarch:
- wasm
symbols:
- Link.address
skip_fix: fix does not work with Go <1.18
summary: Buffer overflow in WASM modules in misc/wasm and cmd/link
description: |-
When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
passing very large arguments can cause portions of the module to be overwritten
with data from the arguments due to a buffer overflow error.
If using wasm_exec.js to execute WASM modules, users will need to replace their
copy (as described in https://golang.org/wiki/WebAssembly#getting-started) after
rebuilding any modules.
published: 2022-05-24T20:14:28Z
cves:
- CVE-2021-38297
credits:
- Ben Lubar
references:
- fix: https://go.dev/cl/354571
- fix: https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
- report: https://go.dev/issue/48797
- web: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
review_status: REVIEWED