{"id":"GO-2022-0247","summary":"Buffer overflow in WASM modules in misc/wasm and cmd/link","details":"When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments due to a buffer overflow error.\n\nIf using wasm_exec.js to execute WASM modules, users will need to replace their copy (as described in https://golang.org/wiki/WebAssembly#getting-started) after rebuilding any modules.","aliases":["BIT-golang-2021-38297","CVE-2021-38297"],"modified":"2024-05-20T16:03:47Z","published":"2022-05-24T20:14:28Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2022-0247"},"references":[{"type":"FIX","url":"https://go.dev/cl/354571"},{"type":"FIX","url":"https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4"},{"type":"REPORT","url":"https://go.dev/issue/48797"},{"type":"WEB","url":"https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A"}],"affected":[{"package":{"name":"toolchain","ecosystem":"Go","purl":"pkg:golang/toolchain"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.16.9"},{"introduced":"1.17.0-0"},{"fixed":"1.17.2"}]}],"ecosystem_specific":{"imports":[{"goos":["js"],"goarch":["wasm"],"symbols":["Link.address"],"path":"cmd/link"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0247.json"}}],"schema_version":"1.7.3","credits":[{"name":"Ben Lubar"}]}