Vulnerability details: VCID-8ycp-22yk-aaap
Vulnerability ID VCID-8ycp-22yk-aaap
Aliases CVE-2021-38297
Summary Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0432
rhas Moderate https://access.redhat.com/errata/RHSA-2022:0434
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1819
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json
epss 0.00514 https://api.first.org/data/v1/epss?cve=CVE-2021-38297
epss 0.00812 https://api.first.org/data/v1/epss?cve=CVE-2021-38297
epss 0.04754 https://api.first.org/data/v1/epss?cve=CVE-2021-38297
epss 0.06318 https://api.first.org/data/v1/epss?cve=CVE-2021-38297
epss 0.10073 https://api.first.org/data/v1/epss?cve=CVE-2021-38297
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2012887
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://groups.google.com/forum/#!forum/golang-announce
generic_textual HIGH https://groups.google.com/forum/#!forum/golang-announce
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38297
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38297
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38297
archlinux Medium https://security.archlinux.org/AVG-2454
cvssv3.1 5.3 https://security.gentoo.org/glsa/202208-02
generic_textual MODERATE https://security.gentoo.org/glsa/202208-02
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json
https://api.first.org/data/v1/epss?cve=CVE-2021-38297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38297
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://groups.google.com/forum/#%21forum/golang-announce
https://groups.google.com/forum/#!forum/golang-announce
https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/
https://security.gentoo.org/glsa/202208-02
https://security.netapp.com/advisory/ntap-20211118-0006/
2012887 https://bugzilla.redhat.com/show_bug.cgi?id=2012887
AVG-2454 https://security.archlinux.org/AVG-2454
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVE-2021-38297 https://nvd.nist.gov/vuln/detail/CVE-2021-38297
RHSA-2022:0432 https://access.redhat.com/errata/RHSA-2022:0432
RHSA-2022:0434 https://access.redhat.com/errata/RHSA-2022:0434
RHSA-2022:1819 https://access.redhat.com/errata/RHSA-2022:1819
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!forum/golang-announce

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-38297

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-38297

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.gentoo.org/glsa/202208-02

Exploit Prediction Scoring System (EPSS)
Percentile 0.77134
EPSS Score 0.00514
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.