CVE-2024-1394

UNKNOWN

Published 2024-03-21T12:16:38.790Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-1394. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.5

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.326

Higher than 32.6% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Description

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat Ansible Automation Platform 2.4 for RHEL 8

Affected Versions:

0:1.4.5-1.el8ap

Red Hat

Red Hat Ansible Automation Platform 2.4 for RHEL 9

Affected Versions:

0:1.4.5-1.el9ap

Red Hat

Red Hat Developer Tools

Affected Versions:

0:1.19.13-6.el7_9

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

8090020240313170136.26eb71ac

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:5.1.1-2.el8_9

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:9.2.10-8.el8_9

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:9.2.10-16.el8_10

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

8100020240808093819.afee755d

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:101-2.el8_10

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:1.20.12-2.el9_3

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:9.2.10-8.el9_3

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:5.1.1-2.el9_3

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:1.21.9-2.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:9.2.10-16.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:5.1.1-2.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

2:1.33.7-3.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

4:4.9.4-5.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

6:0.7.3-4.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

2:1.14.3-3.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

1:1.4.0-4.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

4:1.1.12-3.el9_4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:132-1.el9

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Affected Versions:

2:4.2.0-4.el9_0

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Affected Versions:

1:1.0.1-6.el9_0

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

0:1.19.13-7.el9_2

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

2:4.4.1-20.el9_2

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

1:1.23.4-5.2.rhaos4.12.el9

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

0:0.16.0-2.2.rhaos4.12.el8

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

1:1.4.0-1.1.rhaos4.12.el8

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

0:1.25.5-13.1.rhaos4.12.git76343da.el8

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

0:1.25.0-2.2.el8

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

0:2.14.0-7.1.rhaos4.12.el8

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

3:4.2.0-7.2.rhaos4.12.el9

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

3:1.1.6-5.2.rhaos4.12.el8

Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

2:1.9.4-3.2.rhaos4.12.el8

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

1:1.29.1-2.2.rhaos4.13.el9

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

1:1.4.0-1.1.rhaos4.13.el8

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

0:1.26.5-11.1.rhaos4.13.git919cc6e.el8

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

0:1.26.0-4.2.el9

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

0:2.15.0-7.1.rhaos4.13.el9

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

3:4.4.1-5.2.rhaos4.13.el8

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

4:1.1.12-1.1.rhaos4.13.el9

Red Hat

Red Hat OpenShift Container Platform 4.13

Affected Versions:

2:1.11.2-2.2.rhaos4.13.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:0.19.0-1.3.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

1:1.4.0-1.2.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:1.27.0-3.1.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:2.16.2-2.1.rhaos4.14.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

3:4.4.1-11.3.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

2:1.11.2-10.3.rhaos4.14.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

1:1.29.1-10.4.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:0.19.0-1.4.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

3:2.1.7-3.4.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

1:1.4.0-1.3.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:1.27.4-7.2.rhaos4.14.git082c52f.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:1.27.0-3.2.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:2.16.2-2.2.rhaos4.14.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

3:4.4.1-11.4.rhaos4.14.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

4:1.1.12-1.2.rhaos4.14.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

2:1.11.2-10.4.rhaos4.14.el8

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9

Red Hat

Red Hat OpenShift Container Platform 4.14

Affected Versions:

414.92.202407300859-0

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

1:1.29.1-20.3.rhaos4.15.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:0.20.0-1.1.rhaos4.15.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

1:1.4.0-1.2.rhaos4.15.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:1.28.4-8.rhaos4.15.git24f50b9.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:1.28.0-3.1.el8

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:2.16.2-2.1.rhaos4.15.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

3:4.4.1-21.1.rhaos4.15.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

4:1.1.12-1.1.rhaos4.15.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

2:1.11.2-21.2.rhaos4.15.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9

Red Hat

Red Hat OpenShift Container Platform 4.15

Affected Versions:

415.92.202407191425-0

Red Hat

Red Hat OpenStack Platform 16.2

Affected Versions:

0:3.3.23-16.el8ost

Red Hat

Red Hat OpenStack Platform 17.1 for RHEL 8

Affected Versions:

0:0.2.1-3.el8ost

Red Hat

Red Hat OpenStack Platform 17.1 for RHEL 9

Affected Versions:

0:3.4.26-8.el9ost

Red Hat

Red Hat OpenStack Platform 17.1 for RHEL 9

Affected Versions:

0:0.2.1-3.el9ost

Red Hat

RHODF-4.16-RHEL-9

Affected Versions:

v4.16.0-137

Red Hat

RHODF-4.16-RHEL-9

Affected Versions:

v4.16.0-38

Red Hat

NBDE Tang Server

Red Hat

OpenShift Developer Tools and Services

Red Hat

OpenShift Developer Tools and Services

Red Hat

OpenShift Pipelines

Red Hat

OpenShift Serverless

Red Hat

Red Hat Ansible Automation Platform 1.2

Red Hat

Red Hat Ansible Automation Platform 1.2

Red Hat

Red Hat Ansible Automation Platform 2

Red Hat

Red Hat Certification for Red Hat Enterprise Linux 8

Red Hat

Red Hat Certification for Red Hat Enterprise Linux 9

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 8

Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat Enterprise Linux 9

Red Hat

Red Hat OpenShift Container Platform 4

Red Hat

Red Hat OpenShift Container Platform 4

Red Hat

Red Hat OpenShift Container Platform 4

Red Hat

Red Hat OpenShift Container Platform 4

Red Hat

Red Hat OpenShift Container Platform 4

Red Hat

Red Hat OpenShift Container Platform 4

Red Hat

Red Hat OpenShift Container Platform 4

Red Hat

Red Hat Openshift Container Storage 4

Red Hat

Red Hat OpenShift Dev Spaces

Red Hat

Red Hat OpenShift GitOps

Red Hat

Red Hat OpenShift on AWS

Red Hat

Red Hat OpenShift Virtualization 4

Red Hat

Red Hat OpenStack Platform 16.1

Red Hat

Red Hat OpenStack Platform 16.1

Red Hat

Red Hat OpenStack Platform 16.1

Red Hat

Red Hat OpenStack Platform 16.2

Red Hat

Red Hat OpenStack Platform 16.2

Red Hat

Red Hat OpenStack Platform 16.2

Red Hat

Red Hat OpenStack Platform 17.1

Red Hat

Red Hat OpenStack Platform 17.1

Red Hat

Red Hat OpenStack Platform 17.1

Red Hat

Red Hat OpenStack Platform 18.0

Red Hat

Red Hat Service Interconnect 1

Red Hat

Red Hat Service Interconnect 1

Red Hat

Red Hat Service Interconnect 1

Red Hat

Red Hat Software Collections

Red Hat

Red Hat Storage 3

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Memory leaks in code encrypting and verifying RSA payloads

GHSA-78hx-gp6g-7mj6

Advisory Details

Using crafted public RSA keys which are not compliant with SP 800-56B can cause a small memory leak when encrypting and verifying payloads. An attacker can leverage this flaw to gradually erode available memory to the point where the host crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

Affected Packages

Go github.com/golang-fips/go

ECOSYSTEM: ≥0 ≤1.22.1

Go github.com/golang-fips/openssl/v2

ECOSYSTEM: ≥0 <2.0.1

Go github.com/microsoft/go-crypto-openssl

ECOSYSTEM: ≥0 ≤0.2.8

Go github.com/microsoft/go-crypto-openssl/openssl

ECOSYSTEM: ≥0 <0.2.9

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

WEB https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-1394

WEB https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f

WEB https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136

WEB https://access.redhat.com/errata/RHSA-2024:1462

WEB https://access.redhat.com/errata/RHSA-2024:4378

WEB https://access.redhat.com/errata/RHSA-2024:4379

WEB https://access.redhat.com/errata/RHSA-2024:4502

WEB https://access.redhat.com/errata/RHSA-2024:4581

WEB https://access.redhat.com/errata/RHSA-2024:4591

WEB https://access.redhat.com/errata/RHSA-2024:4672

WEB https://access.redhat.com/errata/RHSA-2024:4699

WEB https://access.redhat.com/errata/RHSA-2024:4761

WEB https://access.redhat.com/errata/RHSA-2024:4762

WEB https://access.redhat.com/errata/RHSA-2024:4960

WEB https://access.redhat.com/errata/RHSA-2024:5258

WEB https://access.redhat.com/errata/RHSA-2024:5634

WEB https://access.redhat.com/errata/RHSA-2024:7262

WEB https://access.redhat.com/security/cve/CVE-2024-1394

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2262921

PACKAGE https://github.com/golang-fips/openssl

WEB https://github.com/golang-fips/openssl/releases/tag/v2.0.1

WEB https://github.com/microsoft/go-crypto-openssl/releases/tag/v0.2.9

WEB https://pkg.go.dev/vuln/GO-2024-2660

WEB https://vuln.go.dev/ID/GO-2024-2660.json

WEB https://access.redhat.com/errata/RHSA-2024:1468

WEB https://access.redhat.com/errata/RHSA-2024:1472

WEB https://access.redhat.com/errata/RHSA-2024:1501

WEB https://access.redhat.com/errata/RHSA-2024:1502

WEB https://access.redhat.com/errata/RHSA-2024:1561

WEB https://access.redhat.com/errata/RHSA-2024:1563

WEB https://access.redhat.com/errata/RHSA-2024:1566

WEB https://access.redhat.com/errata/RHSA-2024:1567

WEB https://access.redhat.com/errata/RHSA-2024:1574

WEB https://access.redhat.com/errata/RHSA-2024:1640

WEB https://access.redhat.com/errata/RHSA-2024:1644

WEB https://access.redhat.com/errata/RHSA-2024:1646

WEB https://access.redhat.com/errata/RHSA-2024:1763

WEB https://access.redhat.com/errata/RHSA-2024:1897

WEB https://access.redhat.com/errata/RHSA-2024:2562

WEB https://access.redhat.com/errata/RHSA-2024:2568

WEB https://access.redhat.com/errata/RHSA-2024:2569

WEB https://access.redhat.com/errata/RHSA-2024:2729

WEB https://access.redhat.com/errata/RHSA-2024:2730

WEB https://access.redhat.com/errata/RHSA-2024:2767

WEB https://access.redhat.com/errata/RHSA-2024:3265

WEB https://access.redhat.com/errata/RHSA-2024:3352

WEB https://access.redhat.com/errata/RHSA-2024:4146

WEB https://access.redhat.com/errata/RHSA-2024:4371

Advisory provided by GitHub Security Advisory Database. Published: March 20, 2024, Modified: October 22, 2024

References

https://access.redhat.com/errata/RHSA-2024:1462

https://access.redhat.com/errata/RHSA-2024:1468

https://access.redhat.com/errata/RHSA-2024:1472

https://access.redhat.com/errata/RHSA-2024:1501

https://access.redhat.com/errata/RHSA-2024:1502

https://access.redhat.com/errata/RHSA-2024:1561

https://access.redhat.com/errata/RHSA-2024:1563

https://access.redhat.com/errata/RHSA-2024:1566

https://access.redhat.com/errata/RHSA-2024:1567

https://access.redhat.com/errata/RHSA-2024:1574

https://access.redhat.com/errata/RHSA-2024:1640

https://access.redhat.com/errata/RHSA-2024:1644

https://access.redhat.com/errata/RHSA-2024:1646

https://access.redhat.com/errata/RHSA-2024:1763

https://access.redhat.com/errata/RHSA-2024:1897

https://access.redhat.com/errata/RHSA-2024:2562

https://access.redhat.com/errata/RHSA-2024:2568

https://access.redhat.com/errata/RHSA-2024:2569

https://access.redhat.com/errata/RHSA-2024:2729

https://access.redhat.com/errata/RHSA-2024:2730

https://access.redhat.com/errata/RHSA-2024:2767

https://access.redhat.com/errata/RHSA-2024:3265

https://access.redhat.com/errata/RHSA-2024:3352

https://access.redhat.com/errata/RHSA-2024:4146

https://access.redhat.com/errata/RHSA-2024:4371

https://access.redhat.com/errata/RHSA-2024:4378

https://access.redhat.com/errata/RHSA-2024:4379

https://access.redhat.com/errata/RHSA-2024:4502

https://access.redhat.com/errata/RHSA-2024:4581

https://access.redhat.com/errata/RHSA-2024:4591

https://access.redhat.com/errata/RHSA-2024:4672

https://access.redhat.com/errata/RHSA-2024:4699

https://access.redhat.com/errata/RHSA-2024:4761

https://access.redhat.com/errata/RHSA-2024:4762

https://access.redhat.com/errata/RHSA-2024:4960

https://access.redhat.com/errata/RHSA-2024:5258

https://access.redhat.com/errata/RHSA-2024:5634

https://access.redhat.com/errata/RHSA-2024:7262

https://access.redhat.com/errata/RHSA-2025:7118

https://access.redhat.com/security/cve/CVE-2024-1394

https://bugzilla.redhat.com/show_bug.cgi?id=2262921

https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136

https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6

https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f

https://pkg.go.dev/vuln/GO-2024-2660

https://vuln.go.dev/ID/GO-2024-2660.json

Published: 2024-03-21T12:16:38.790Z

Last Modified: 2025-05-13T08:42:35.425Z

Copied to clipboard!