gsd-2024-1394
Vulnerability from gsd
Modified
2024-02-10 06:02
Details
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-1394" ], "details": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them.", "id": "GSD-2024-1394", "modified": "2024-02-10T06:02:58.458753Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2024-1394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el8ap", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.4.5-1.el9ap", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat Developer Tools", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.19.13-6.el7_9", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8090020240313170136.26eb71ac", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el8_9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el8_9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Enterprise Linux 9", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.12-2.el9_3", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:9.2.10-8.el9_3", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.1.1-2.el9_3", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat OpenShift Container Platform 4.12", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.23.4-5.2.rhaos4.12.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.16.0-2.2.rhaos4.12.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.12.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.5-13.1.rhaos4.12.git76343da.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.0-2.2.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.14.0-7.1.rhaos4.12.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-2.1.rhaos4.12.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:1.1.6-5.2.rhaos4.12.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.9.4-3.2.rhaos4.12.el9", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat OpenShift Container Platform 4.13", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-2.2.rhaos4.13.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.1.rhaos4.13.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.0-4.1.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.15.0-7.1.rhaos4.13.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-6.2.rhaos4.13.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.13.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-2.2.rhaos4.13.el8", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat OpenShift Container Platform 4.14", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.14.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.1.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.14.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.3.rhaos4.14.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.3.rhaos4.14.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-10.4.rhaos4.14.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.19.0-1.4.rhaos4.14.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:2.1.7-3.4.rhaos4.14.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.3.rhaos4.14.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.27.0-3.2.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.2.rhaos4.14.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:23.09.0-139.el9fdp", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-11.4.rhaos4.14.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.2.rhaos4.14.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-10.4.rhaos4.14.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9", "versionType": "rpm" } ] } } ] } }, { "product_name": "Red Hat OpenShift Container Platform 4.15", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.29.1-20.3.rhaos4.15.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:0.20.0-1.1.rhaos4.15.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1:1.4.0-1.2.rhaos4.15.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.0-3.1.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.2-2.1.rhaos4.15.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3:4.4.1-21.1.rhaos4.15.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:1.1.12-1.1.rhaos4.15.el8", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:1.11.2-21.2.rhaos4.15.el9", "versionType": "rpm" } ] } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9", "versionType": "rpm" } ] } } ] } }, { "product_name": "NBDE Tang Server", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "OpenShift Developer Tools and Services", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "OpenShift Pipelines", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "OpenShift Serverless", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Ansible Automation Platform 1.2", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat Ansible Automation Platform 2", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat Certification for Red Hat Enterprise Linux 9", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat Enterprise Linux 7", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat OpenShift Container Platform 4", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Openshift Container Storage 4", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Openshift Data Foundation 4", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat OpenShift Dev Spaces", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat OpenShift GitOps", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat OpenShift on AWS", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat OpenShift Virtualization 4", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } } ] } }, { "product_name": "Red Hat OpenStack Platform 16.1", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat OpenStack Platform 16.2", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat OpenStack Platform 17.1", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Service Interconnect 1", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } }, { "product_name": "Red Hat Software Collections", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } } ] } }, { "product_name": "Red Hat Storage 3", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown" } } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "credits": [ { "lang": "en", "value": "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-401", "lang": "eng", "value": "Missing Release of Memory after Effective Lifetime" } ] } ] }, "references": { "reference_data": [ { "name": "https://access.redhat.com/errata/RHSA-2024:1462", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1468", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1472", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1501", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1502", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1561", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1563", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1566", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1567", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1574", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1640", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1644", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1646", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1763", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "name": "https://access.redhat.com/errata/RHSA-2024:1897", "refsource": "MISC", "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "name": "https://access.redhat.com/security/cve/CVE-2024-1394", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "name": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136", "refsource": "MISC", "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "name": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6", "refsource": "MISC", "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "name": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f", "refsource": "MISC", "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "name": "https://pkg.go.dev/vuln/GO-2024-2660", "refsource": "MISC", "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "name": "https://vuln.go.dev/ID/GO-2024-2660.json", "refsource": "MISC", "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ] }, "work_around": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ] }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them." }, { "lang": "es", "value": "Se encontr\u00f3 una falla de p\u00e9rdida de memoria en Golang en el c\u00f3digo de cifrado/descifrado RSA, lo que podr\u00eda conducir a una vulnerabilidad de agotamiento de recursos mediante entradas controladas por el atacante. La p\u00e9rdida de memoria ocurre en github.com/golang-fips/openssl/openssl/rsa.go#L113. Los objetos filtrados son pkey? y ctx?. Esa funci\u00f3n utiliza par\u00e1metros de retorno con nombre para liberar pkey? y ctx? si hay un error al inicializar el contexto o al configurar las diferentes propiedades. Todas las declaraciones de devoluci\u00f3n relacionadas con casos de error siguen el patr\u00f3n \"return nil, nil, fail(...)\", lo que significa que pkey? y ctx? ser\u00e1n nulos dentro de la funci\u00f3n diferida que deber\u00eda liberarlos." } ], "id": "CVE-2024-1394", "lastModified": "2024-04-27T01:15:06.083", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" } ] }, "published": "2024-03-21T13:00:08.037", "references": [ { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1462" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1468" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1472" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1501" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1502" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1561" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1563" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1566" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1567" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1574" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1640" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1644" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1646" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1763" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1897" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-1394" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, { "source": "secalert@redhat.com", "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136" }, { "source": "secalert@redhat.com", "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6" }, { "source": "secalert@redhat.com", "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f" }, { "source": "secalert@redhat.com", "url": "https://pkg.go.dev/vuln/GO-2024-2660" }, { "source": "secalert@redhat.com", "url": "https://vuln.go.dev/ID/GO-2024-2660.json" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "secalert@redhat.com", "type": "Primary" } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.