CVE-2024-1394
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(…)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | 0:1.4.5-1.el8ap < * | unaffected |
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 | 0:1.4.5-1.el9ap < * | unaffected |
| Red Hat | Red Hat Developer Tools | 0:1.19.13-6.el7_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8090020240313170136.26eb71ac < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:5.1.1-2.el8_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:9.2.10-8.el8_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:9.2.10-16.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8100020240808093819.afee755d < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:101-2.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.20.12-2.el9_3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:9.2.10-8.el9_3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.1.1-2.el9_3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.21.9-2.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:9.2.10-16.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.1.1-2.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 2:1.33.7-3.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 4:4.9.4-5.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 6:0.7.3-4.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 2:1.14.3-3.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 1:1.4.0-4.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 4:1.1.12-3.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:132-1.el9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 2:4.2.0-4.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 1:1.0.1-6.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:1.19.13-7.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 2:4.4.1-20.el9_2 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 1:1.23.4-5.2.rhaos4.12.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 0:0.16.0-2.2.rhaos4.12.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 1:1.4.0-1.1.rhaos4.12.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 0:1.25.0-2.2.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 0:2.14.0-5.2.rhaos4.12.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 3:4.2.0-7.2.rhaos4.12.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 3:1.1.6-5.2.rhaos4.12.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 2:1.9.4-3.2.rhaos4.12.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 1:1.29.1-2.2.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 1:1.4.0-1.1.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 0:1.26.5-11.1.rhaos4.13.git919cc6e.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 0:1.26.0-4.1.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 0:2.15.0-7.1.rhaos4.13.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 3:4.4.1-5.2.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 4:1.1.12-1.1.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 2:1.11.2-2.2.rhaos4.13.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:0.19.0-1.3.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 1:1.4.0-1.2.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:1.27.0-3.1.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:2.16.2-2.1.rhaos4.14.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 3:4.4.1-11.3.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 2:1.11.2-10.3.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 1:1.29.1-10.4.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:0.19.0-1.4.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 3:2.1.7-3.4.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 1:1.4.0-1.3.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:1.27.4-7.2.rhaos4.14.git082c52f.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:1.27.0-3.2.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:2.16.2-2.2.rhaos4.14.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 3:4.4.1-11.4.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 4:1.1.12-1.2.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 2:1.11.2-10.4.rhaos4.14.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 414.92.202407300859-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 1:1.29.1-20.3.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 0:0.20.0-1.1.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 1:1.4.0-1.2.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 0:1.28.4-8.rhaos4.15.git24f50b9.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 0:1.28.0-3.1.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 0:2.16.2-2.1.rhaos4.15.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 3:4.4.1-21.1.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 4:1.1.12-1.1.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 2:1.11.2-21.2.rhaos4.15.el8 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | 415.92.202407191425-0 < * | unaffected |
| Red Hat | Red Hat OpenStack Platform 16.2 | 0:3.3.23-16.el8ost < * | unaffected |
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 8 | 0:0.2.1-3.el8ost < * | unaffected |
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 9 | 0:3.4.26-8.el9ost < * | unaffected |
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 9 | 0:0.2.1-3.el9ost < * | unaffected |
| Red Hat | RHODF-4.16-RHEL-9 | v4.16.0-137 < * | unaffected |
| Red Hat | RHODF-4.16-RHEL-9 | v4.16.0-38 < * | unaffected |
Weaknesses
- CWE-401: Missing Release of Memory after Effective Lifetime
Workarounds
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2024:1462
- https://access.redhat.com/errata/RHSA-2024:1468
- https://access.redhat.com/errata/RHSA-2024:1472
- https://access.redhat.com/errata/RHSA-2024:1501
- https://access.redhat.com/errata/RHSA-2024:1502
- https://access.redhat.com/errata/RHSA-2024:1561
- https://access.redhat.com/errata/RHSA-2024:1563
- https://access.redhat.com/errata/RHSA-2024:1566
- https://access.redhat.com/errata/RHSA-2024:1567
- https://access.redhat.com/errata/RHSA-2024:1574
- https://access.redhat.com/errata/RHSA-2024:1640
- https://access.redhat.com/errata/RHSA-2024:1644
- https://access.redhat.com/errata/RHSA-2024:1646
- https://access.redhat.com/errata/RHSA-2024:1763
- https://access.redhat.com/errata/RHSA-2024:1897
- https://access.redhat.com/errata/RHSA-2024:2562
- https://access.redhat.com/errata/RHSA-2024:2568
- https://access.redhat.com/errata/RHSA-2024:2569
- https://access.redhat.com/errata/RHSA-2024:2729
- https://access.redhat.com/errata/RHSA-2024:2730
- https://access.redhat.com/errata/RHSA-2024:2767
- https://access.redhat.com/errata/RHSA-2024:3265
- https://access.redhat.com/errata/RHSA-2024:3352
- https://access.redhat.com/errata/RHSA-2024:4146
- https://access.redhat.com/errata/RHSA-2024:4371
- https://access.redhat.com/errata/RHSA-2024:4378
- https://access.redhat.com/errata/RHSA-2024:4379
- https://access.redhat.com/errata/RHSA-2024:4502
- https://access.redhat.com/errata/RHSA-2024:4581
- https://access.redhat.com/errata/RHSA-2024:4591
- https://access.redhat.com/errata/RHSA-2024:4672
- https://access.redhat.com/errata/RHSA-2024:4699
- https://access.redhat.com/errata/RHSA-2024:4761
- https://access.redhat.com/errata/RHSA-2024:4762
- https://access.redhat.com/security/cve/CVE-2024-1394
- https://bugzilla.redhat.com/show_bug.cgi?id=2262921
- https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
- https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
- https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
- https://pkg.go.dev/vuln/GO-2024-2660
- https://vuln.go.dev/ID/GO-2024-2660.json
References
- https://access.redhat.com/errata/RHSA-2024:1462
- https://access.redhat.com/errata/RHSA-2024:1468
- https://access.redhat.com/errata/RHSA-2024:1472
- https://access.redhat.com/errata/RHSA-2024:1501
- https://access.redhat.com/errata/RHSA-2024:1502
- https://access.redhat.com/errata/RHSA-2024:1561
- https://access.redhat.com/errata/RHSA-2024:1563
- https://access.redhat.com/errata/RHSA-2024:1566
- https://access.redhat.com/errata/RHSA-2024:1567
- https://access.redhat.com/errata/RHSA-2024:1574
- https://access.redhat.com/errata/RHSA-2024:1640
- https://access.redhat.com/errata/RHSA-2024:1644
- https://access.redhat.com/errata/RHSA-2024:1646
- https://access.redhat.com/errata/RHSA-2024:1763
- https://access.redhat.com/errata/RHSA-2024:1897
- https://access.redhat.com/errata/RHSA-2024:2562
- https://access.redhat.com/errata/RHSA-2024:2568
- https://access.redhat.com/errata/RHSA-2024:2569
- https://access.redhat.com/errata/RHSA-2024:2729
- https://access.redhat.com/errata/RHSA-2024:2730
- https://access.redhat.com/errata/RHSA-2024:2767
- https://access.redhat.com/errata/RHSA-2024:3265
- https://access.redhat.com/errata/RHSA-2024:3352
- https://access.redhat.com/errata/RHSA-2024:4146
- https://access.redhat.com/errata/RHSA-2024:4371
- https://access.redhat.com/errata/RHSA-2024:4378
- https://access.redhat.com/errata/RHSA-2024:4379
- https://access.redhat.com/errata/RHSA-2024:4502
- https://access.redhat.com/errata/RHSA-2024:4581
- https://access.redhat.com/errata/RHSA-2024:4591
- https://access.redhat.com/errata/RHSA-2024:4672
- https://access.redhat.com/errata/RHSA-2024:4699
- https://access.redhat.com/errata/RHSA-2024:4761
- https://access.redhat.com/errata/RHSA-2024:4762
- https://access.redhat.com/errata/RHSA-2024:4960
- https://access.redhat.com/errata/RHSA-2024:5258
- https://access.redhat.com/errata/RHSA-2024:5634
- https://access.redhat.com/errata/RHSA-2024:7262
- https://access.redhat.com/errata/RHSA-2025:7118
- https://access.redhat.com/security/cve/CVE-2024-1394
- https://bugzilla.redhat.com/show_bug.cgi?id=2262921
- https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
- https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
- https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
- https://pkg.go.dev/vuln/GO-2024-2660
- https://vuln.go.dev/ID/GO-2024-2660.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.