CVE - CVE-2024-1394

CVE-ID
CVE-2024-1394	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:RHBZ#2262921 URL:https://bugzilla.redhat.com/show_bug.cgi?id=2262921 MISC:RHSA-2024:1462 URL:https://access.redhat.com/errata/RHSA-2024:1462 MISC:RHSA-2024:1468 URL:https://access.redhat.com/errata/RHSA-2024:1468 MISC:RHSA-2024:1472 URL:https://access.redhat.com/errata/RHSA-2024:1472 MISC:RHSA-2024:1501 URL:https://access.redhat.com/errata/RHSA-2024:1501 MISC:RHSA-2024:1502 URL:https://access.redhat.com/errata/RHSA-2024:1502 MISC:RHSA-2024:1561 URL:https://access.redhat.com/errata/RHSA-2024:1561 MISC:RHSA-2024:1563 URL:https://access.redhat.com/errata/RHSA-2024:1563 MISC:RHSA-2024:1566 URL:https://access.redhat.com/errata/RHSA-2024:1566 MISC:RHSA-2024:1567 URL:https://access.redhat.com/errata/RHSA-2024:1567 MISC:RHSA-2024:1574 URL:https://access.redhat.com/errata/RHSA-2024:1574 MISC:RHSA-2024:1640 URL:https://access.redhat.com/errata/RHSA-2024:1640 MISC:RHSA-2024:1644 URL:https://access.redhat.com/errata/RHSA-2024:1644 MISC:RHSA-2024:1646 URL:https://access.redhat.com/errata/RHSA-2024:1646 MISC:RHSA-2024:1763 URL:https://access.redhat.com/errata/RHSA-2024:1763 MISC:RHSA-2024:1897 URL:https://access.redhat.com/errata/RHSA-2024:1897 MISC:RHSA-2024:2562 URL:https://access.redhat.com/errata/RHSA-2024:2562 MISC:RHSA-2024:2568 URL:https://access.redhat.com/errata/RHSA-2024:2568 MISC:RHSA-2024:2569 URL:https://access.redhat.com/errata/RHSA-2024:2569 MISC:RHSA-2024:2729 URL:https://access.redhat.com/errata/RHSA-2024:2729 MISC:RHSA-2024:2730 URL:https://access.redhat.com/errata/RHSA-2024:2730 MISC:RHSA-2024:2767 URL:https://access.redhat.com/errata/RHSA-2024:2767 MISC:RHSA-2024:3265 URL:https://access.redhat.com/errata/RHSA-2024:3265 MISC:RHSA-2024:3352 URL:https://access.redhat.com/errata/RHSA-2024:3352 MISC:RHSA-2024:4146 URL:https://access.redhat.com/errata/RHSA-2024:4146 MISC:RHSA-2024:4371 URL:https://access.redhat.com/errata/RHSA-2024:4371 MISC:RHSA-2024:4378 URL:https://access.redhat.com/errata/RHSA-2024:4378 MISC:RHSA-2024:4379 URL:https://access.redhat.com/errata/RHSA-2024:4379 MISC:RHSA-2024:4502 URL:https://access.redhat.com/errata/RHSA-2024:4502 MISC:RHSA-2024:4581 URL:https://access.redhat.com/errata/RHSA-2024:4581 MISC:RHSA-2024:4591 URL:https://access.redhat.com/errata/RHSA-2024:4591 MISC:RHSA-2024:4672 URL:https://access.redhat.com/errata/RHSA-2024:4672 MISC:RHSA-2024:4699 URL:https://access.redhat.com/errata/RHSA-2024:4699 MISC:RHSA-2024:4761 URL:https://access.redhat.com/errata/RHSA-2024:4761 MISC:RHSA-2024:4762 URL:https://access.redhat.com/errata/RHSA-2024:4762 MISC:RHSA-2024:4960 URL:https://access.redhat.com/errata/RHSA-2024:4960 MISC:RHSA-2024:5258 URL:https://access.redhat.com/errata/RHSA-2024:5258 MISC:RHSA-2024:5634 URL:https://access.redhat.com/errata/RHSA-2024:5634 MISC:RHSA-2024:7262 URL:https://access.redhat.com/errata/RHSA-2024:7262 MISC:https://access.redhat.com/security/cve/CVE-2024-1394 URL:https://access.redhat.com/security/cve/CVE-2024-1394 MISC:https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 URL:https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 MISC:https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 URL:https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 MISC:https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f URL:https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f MISC:https://pkg.go.dev/vuln/GO-2024-2660 URL:https://pkg.go.dev/vuln/GO-2024-2660 MISC:https://vuln.go.dev/ID/GO-2024-2660.json URL:https://vuln.go.dev/ID/GO-2024-2660.json
Assigning CNA
Red Hat, Inc.
Date Record Created
20240209	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240209)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)