CVE: CVE-2024-1394

Descrizione: Un difetto di memoria perduta è stato riscontrato in Golang nel codice di crittografia RSA, che potrebbe portare a una vulnerabilità di esaurimento delle risorse causata da input controllati dall’attaccante​. Il difetto di memoria si verifica nel github.com/golang-fips/openssl/openssl/rsa.go#L113. Gli oggetti persi sono pkey e ctx​. Questa funzione utilizza parametri di ritorno denominati per liberare pkey e ctx se si verifica un errore nell’inizializzazione del contesto o nel impostare le diverse proprietà. Tutti i commenti di ritorno relativi ai casi di errore seguono il pattern “return nil, nil, fail(…)”, il che significa che pkey e ctx saranno nil all’interno della funzione deferente che dovrebbe liberarli.

Vettore di attacco CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Riferimenti esterni

• https://access.redhat.com/errata/RHSA-2024:1462
• https://access.redhat.com/errata/RHSA-2024:1468
• https://access.redhat.com/errata/RHSA-2024:1472
• https://access.redhat.com/errata/RHSA-2024:1501
• https://access.redhat.com/errata/RHSA-2024:1502
• https://access.redhat.com/errata/RHSA-2024:1561
• https://access.redhat.com/errata/RHSA-2024:1563
• https://access.redhat.com/errata/RHSA-2024:1566
• https://access.redhat.com/errata/RHSA-2024:1567
• https://access.redhat.com/errata/RHSA-2024:1574
• https://access.redhat.com/errata/RHSA-2024:1640
• https://access.redhat.com/errata/RHSA-2024:1644
• https://access.redhat.com/errata/RHSA-2024:1646
• https://access.redhat.com/errata/RHSA-2024:1763
• https://access.redhat.com/errata/RHSA-2024:1897
• https://access.redhat.com/errata/RHSA-2024:2562
• https://access.redhat.com/errata/RHSA-2024:2568
• https://access.redhat.com/errata/RHSA-2024:2569
• https://access.redhat.com/errata/RHSA-2024:2729
• https://access.redhat.com/errata/RHSA-2024:2730
• https://access.redhat.com/errata/RHSA-2024:2767
• https://access.redhat.com/errata/RHSA-2024:3265
• https://access.redhat.com/errata/RHSA-2024:3352
• https://access.redhat.com/errata/RHSA-2024:4146
• https://access.redhat.com/errata/RHSA-2024:4371
• https://access.redhat.com/errata/RHSA-2024:4378
• https://access.redhat.com/errata/RHSA-2024:4379
• https://access.redhat.com/errata/RHSA-2024:4502
• https://access.redhat.com/errata/RHSA-2024:4581
• https://access.redhat.com/errata/RHSA-2024:4591
• https://access.redhat.com/errata/RHSA-2024:4672
• https://access.redhat.com/errata/RHSA-2024:4699
• https://access.redhat.com/errata/RHSA-2024:4761
• https://access.redhat.com/errata/RHSA-2024:4762
• https://access.redhat.com/errata/RHSA-2024:4960
• https://access.redhat.com/errata/RHSA-2024:5258
• https://access.redhat.com/errata/RHSA-2024:5634
• https://access.redhat.com/errata/RHSA-2024:7262
• https://access.redhat.com/security/cve/CVE-2024-1394
• https://bugzilla.redhat.com/show_bug.cgi?id=2262921
• https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
• https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
• https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
• https://pkg.go.dev/vuln/GO-2024-2660
• https://vuln.go.dev/ID/GO-2024-2660.json

Prodotti interessati

• Red Hat – Red Hat Ansible Automation Platform 2.4 for RHEL 8
• Red Hat – Red Hat Ansible Automation Platform 2.4 for RHEL 9
• Red Hat – Red Hat Developer Tools
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.12
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.13
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.14
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenShift Container Platform 4.15
• Red Hat – Red Hat OpenStack Platform 16.2
• Red Hat – Red Hat OpenStack Platform 17.1 for RHEL 8
• Red Hat – Red Hat OpenStack Platform 17.1 for RHEL 9
• Red Hat – Red Hat OpenStack Platform 17.1 for RHEL 9
• Red Hat – RHODF-4.16-RHEL-9
• Red Hat – RHODF-4.16-RHEL-9
• Red Hat – NBDE Tang Server
• Red Hat – OpenShift Developer Tools and Services
• Red Hat – OpenShift Developer Tools and Services
• Red Hat – OpenShift Pipelines
• Red Hat – OpenShift Serverless
• Red Hat – Red Hat Ansible Automation Platform 1.2
• Red Hat – Red Hat Ansible Automation Platform 1.2
• Red Hat – Red Hat Ansible Automation Platform 2
• Red Hat – Red Hat Certification for Red Hat Enterprise Linux 8
• Red Hat – Red Hat Certification for Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat OpenShift Container Platform 4
• Red Hat – Red Hat Openshift Container Storage 4
• Red Hat – Red Hat OpenShift Dev Spaces
• Red Hat – Red Hat OpenShift GitOps
• Red Hat – Red Hat OpenShift on AWS
• Red Hat – Red Hat OpenShift Virtualization 4
• Red Hat – Red Hat OpenStack Platform 16.1
• Red Hat – Red Hat OpenStack Platform 16.1
• Red Hat – Red Hat OpenStack Platform 16.1
• Red Hat – Red Hat OpenStack Platform 16.2
• Red Hat – Red Hat OpenStack Platform 16.2
• Red Hat – Red Hat OpenStack Platform 16.2
• Red Hat – Red Hat OpenStack Platform 17.1
• Red Hat – Red Hat OpenStack Platform 17.1
• Red Hat – Red Hat OpenStack Platform 17.1
• Red Hat – Red Hat OpenStack Platform 18.0
• Red Hat – Red Hat Service Interconnect 1
• Red Hat – Red Hat Service Interconnect 1
• Red Hat – Red Hat Service Interconnect 1
• Red Hat – Red Hat Software Collections
• Red Hat – Red Hat Storage 3

Relazioni con altri prodotti

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 7
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Storage 3
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Ansible Automation Platform 1.2
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Ansible Automation Platform 2
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenStack Platform 16.2
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.12
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Software Collections
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.13
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.14
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenStack Platform 16.1
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.2 Extended Update Support
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: OpenShift Serverless
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Virtualization 4
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenStack Platform 17.1
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenStack Platform 18.0
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Ansible Automation Platform 2.4 for RHEL 8
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Ansible Automation Platform 2.4 for RHEL 9
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenStack Platform 17.1 for RHEL 8
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenStack Platform 17.1 for RHEL 9
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift GitOps
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Container Platform 4.15
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: OpenShift Pipelines
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift Dev Spaces
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Developer Tools
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: RHODF-4.16-RHEL-9
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: NBDE Tang Server
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: OpenShift Developer Tools and Services
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Certification for Red Hat Enterprise Linux 8
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Certification for Red Hat Enterprise Linux 9
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Openshift Container Storage 4
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat OpenShift on AWS
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Service Interconnect 1
Anno: 2024
CWE: CWE-401
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2024)