QID 353275
Date Published: 2022-05-02
QID 353275: Amazon Linux Security Advisory for golang : ALAS-2022-1583
A validation flaw was found in golang. When invoking functions from wasm modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. (CVE-2021-38297)

An out-of-bounds read vulnerability was found in debug/macho of the Go standard library. When the debug/macho standard library (stdlib) is used to parse malformed binaries with Open or OpenFat, Go can attempt to read outside of a slice (array), causing a panic when ImportedSymbols is called. An attacker can use this vulnerability to craft a file which causes an application using this library to crash, resulting in a denial of service. (CVE-2021-41771)

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go that use Reader.Open (the API implementing io/fs.FS, introduced in Go 1.16) can panic when parsing a crafted zip archive containing completely invalid names or an empty filename argument. (CVE-2021-41772)

There is an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's HTTP/2 functionality could cause excessive resource consumption, leading to a denial of service or otherwise impacting system performance and resources. (CVE-2021-44716)

There is a flaw in golang's syscall.ForkExec() interface. Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- ALAS-2022-1583 -
alas.aws.amazon.com/ALAS-2022-1583.html
CVEs related to QID 353275
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS-2022-1583 | Amazon Linux | golang | alas.aws.amazon.com/ALAS-2022-1583.html |