vulnerability

Alma Linux: CVE-2024-1394: Important: golang security update (Multiple Advisories)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Mar 21, 2024
Added
Mar 25, 2024
Modified
Mar 31, 2026

Description

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.

Solutions

alma-upgrade-aardvark-dnsalma-upgrade-buildahalma-upgrade-buildah-testsalma-upgrade-cockpit-podmanalma-upgrade-conmonalma-upgrade-container-selinuxalma-upgrade-containernetworking-pluginsalma-upgrade-containers-commonalma-upgrade-critalma-upgrade-criualma-upgrade-criu-develalma-upgrade-criu-libsalma-upgrade-crunalma-upgrade-delvealma-upgrade-fuse-overlayfsalma-upgrade-go-toolsetalma-upgrade-golangalma-upgrade-golang-binalma-upgrade-golang-docsalma-upgrade-golang-miscalma-upgrade-golang-srcalma-upgrade-golang-testsalma-upgrade-grafanaalma-upgrade-grafana-pcpalma-upgrade-grafana-selinuxalma-upgrade-gvisor-tap-vsockalma-upgrade-libslirpalma-upgrade-libslirp-develalma-upgrade-netavarkalma-upgrade-oci-seccomp-bpf-hookalma-upgrade-osbuildalma-upgrade-osbuild-composeralma-upgrade-osbuild-composer-corealma-upgrade-osbuild-composer-workeralma-upgrade-osbuild-depsolve-dnfalma-upgrade-osbuild-luks2alma-upgrade-osbuild-lvm2alma-upgrade-osbuild-ostreealma-upgrade-osbuild-selinuxalma-upgrade-podmanalma-upgrade-podman-catatonitalma-upgrade-podman-dockeralma-upgrade-podman-gvproxyalma-upgrade-podman-pluginsalma-upgrade-podman-remotealma-upgrade-podman-testsalma-upgrade-python3-criualma-upgrade-python3-osbuildalma-upgrade-python3-podmanalma-upgrade-runcalma-upgrade-skopeoalma-upgrade-skopeo-testsalma-upgrade-slirp4netnsalma-upgrade-toolboxalma-upgrade-toolbox-testsalma-upgrade-udica

References

    Title
    NEW

    Explore Exposure Command

    Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

    Try it today