VDB
DEBIAN-CVE-2021-38297
DEBIAN-CVE-2021-38297
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | golang-1.15 | 0, 1.15.15-1, 1.15.9-6 |
Exploit Intelligence
- A Proof of concept scenario for exploitation of CVE2021-38297 GO WASM buffer-overflow (github-poc-repo)
- paras98/CVE-2021-38297-Go-wasm-Replication (github-poc-repo)
- paras98/CVE-2021-38297-Go-wasm-Replication (github-poc)
- A Proof of concept scenario for exploitation of CVE2021-38297 GO WASM buffer-overflow (github-poc)
- .grype.yaml (github-poc)
Timeline
- Oct 18, 2021 CVE Published
- Apr 28, 2026 CVE Updated