CVE-2024-1394
Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Red Hat · NBDE Tang ServerRed Hat · OpenShift Developer Tools and ServicesRed Hat · OpenShift PipelinesRed Hat · OpenShift ServerlessRed Hat · Red Hat Ansible Automation Platform 1.2Red Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 9Red Hat · Red Hat Certification for Red Hat Enterprise Linux 8Red Hat · Red Hat Certification Program for Red Hat Enterprise Linux 9Red Hat · Red Hat Developer ToolsRed Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat OpenShift Container Platform 4.12Red Hat · Red Hat OpenShift Container Platform 4.13Red Hat · Red Hat OpenShift Container Platform 4.14Red Hat · Red Hat OpenShift Container Platform 4.15Red Hat · Red Hat Openshift Container Storage 4Red Hat · Red Hat OpenShift Dev SpacesRed Hat · Red Hat OpenShift GitOpsRed Hat · Red Hat OpenShift on AWSRed Hat · Red Hat OpenShift Virtualization 4Red Hat · Red Hat OpenStack Platform 16.1Red Hat · Red Hat OpenStack Platform 16.2Red Hat · Red Hat OpenStack Platform 17.1Red Hat · Red Hat OpenStack Platform 17.1 for RHEL 8Red Hat · Red Hat OpenStack Platform 17.1 for RHEL 9Red Hat · Red Hat OpenStack Platform 18.0Red Hat · Red Hat Service Interconnect 1Red Hat · Red Hat Software CollectionsRed Hat · Red Hat Storage 3Red Hat · RHODF-4.16-RHEL-9¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2024:1462https://access.redhat.com/errata/RHSA-2024:1468https://access.redhat.com/errata/RHSA-2024:1472https://access.redhat.com/errata/RHSA-2024:1501https://access.redhat.com/errata/RHSA-2024:1502https://access.redhat.com/errata/RHSA-2024:1561https://access.redhat.com/errata/RHSA-2024:1563https://access.redhat.com/errata/RHSA-2024:1566https://access.redhat.com/errata/RHSA-2024:1567https://access.redhat.com/errata/RHSA-2024:1574https://access.redhat.com/errata/RHSA-2024:1640https://access.redhat.com/errata/RHSA-2024:1644