Go is rarely used in contexts where an attacker can groom the heap before doing the attack. The closest one is probably a breakout from an exposed container on a host with a Docker runtime.
If you're certain, demonstrate it. It'll be the first time it's been demonstrated. Message board arguments like this are literally the only place this claim is taken seriously.
I triggered SSM agent crashes while developing my https://github.com/Cyberax/gimlet by doing concurrent requests.
I'm certain that they could have been used to do code execution, but it just makes no real sense given the context.