CVE-2021-38297

CRITICAL

Go <1.16.9, <1.17.2 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-38297. PoCs published by gkrishnan724, paras98.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2021-38297, demonstrating memory corruption in a WebAssembly (WASM) environment. The exploit leverages Go-based WASM modules to manipulate memory and extract sensitive data, showcasing the vulnerability's impact.

Description

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Exploits (2)

nomisec WORKING POC 6 stars

by gkrishnan724 · poc

https://github.com/gkrishnan724/CVE-2021-38297

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2021-38297, demonstrating memory corruption in a WebAssembly (WASM) environment. The exploit leverages Go-based WASM modules to manipulate memory and extract sensitive data, showcasing the vulnerability's impact.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebAssembly (WASM) environments with vulnerable Go implementations

No auth needed

Prerequisites: WebAssembly support in the target environment · Execution of malicious WASM module

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by paras98 · poc

https://github.com/paras98/CVE-2021-38297-Go-wasm-Replication