[GO-2024-2660] Memory leak in github.com/golang-fips/openssl/v2 and github.com/microsoft/go-crypto-openssl
Severity | Affected Packages | Fixed Packages | CVEs |
---|---|---|---|
High | 2 | 2 | 1 |
Using crafted public RSA keys can cause a small memory leak when encrypting and
verifying payloads. This can be gradually leveraged into a denial of service
attack.
Package | Affected Version |
---|---|
pkg:golang/github.com/microsoft/go-crypto-openssl/openssl | >= 0.2.8, < 0.2.9 |
pkg:golang/github.com/golang-fips/openssl/v2 | >= 2.0.0, < 2.0.1 |
Package | Fixed Version |
---|---|
pkg:golang/github.com/microsoft/go-crypto-openssl/openssl | = 0.2.9 |
pkg:golang/github.com/golang-fips/openssl/v2 | = 2.0.1 |
- ID
- GO-2024-2660
- Severity
- high
- Severity from
- CVE-2024-1394
- URL
- https://pkg.go.dev/vuln/GO-2024-2660
- Published
- 2024-03-21T20:13:40 (6 months ago)
- Modified
- 2024-05-14T19:19:00 (4 months ago)
- Other Advisories
- ALSA-2024:1462
- ALSA-2024:1472
- ALSA-2024:1501
- ALSA-2024:1502
- ALSA-2024:1644
- ALSA-2024:1646
- ALSA-2024:2562
- ALSA-2024:2568
- ALSA-2024:2569
- ALSA-2024:3265
- ALSA-2024:4371
- ALSA-2024:4378
- ALSA-2024:4379
- ALSA-2024:4502
- ALSA-2024:4761
- ALSA-2024:4762
- ALSA-2024:5258
- ELSA-2024-1462
- ELSA-2024-1472
- ELSA-2024-1501
- ELSA-2024-1502
- ELSA-2024-1644
- ELSA-2024-1646
- ELSA-2024-2562
- ELSA-2024-2568
- ELSA-2024-2569
- ELSA-2024-3265
- ELSA-2024-4371
- ELSA-2024-4378
- ELSA-2024-4379
- ELSA-2024-4502
- ELSA-2024-4761
- ELSA-2024-4762
- ELSA-2024-5258
- RHSA-2024:1462
- RHSA-2024:1472
- RHSA-2024:1501
- RHSA-2024:1502
- RHSA-2024:1644
- RHSA-2024:1646
- RHSA-2024:2562
- RHSA-2024:2568
- RHSA-2024:2569
- RHSA-2024:3265
- RHSA-2024:4371
- RHSA-2024:4378
- RHSA-2024:4379
- RHSA-2024:4502
- RHSA-2024:4761
- RHSA-2024:4762
- RHSA-2024:5258
- RLSA-2024:1502
- RLSA-2024:1644
- RLSA-2024:1646
- RLSA-2024:2562
- RLSA-2024:2568
- RLSA-2024:2569
- RLSA-2024:3265
- RLSA-2024:4502
Source | # ID | Name | URL |
---|---|---|---|
Security Advisory | | | https://github.com/advisories/GHSA-78hx-gp6g-7mj6 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:golang/github.com/microsoft/go-crypto-openssl/openssl | github.com/microsoft/go-crypto-openssl | openssl | = 0.2.9 | | | |
Affected | pkg:golang/github.com/microsoft/go-crypto-openssl/openssl | github.com/microsoft/go-crypto-openssl | openssl | >= 0.2.8 < 0.2.9 | | | |
Fixed | pkg:golang/github.com/golang-fips/openssl/v2 | github.com/golang-fips/openssl | v2 | = 2.0.1 | | | |
Affected | pkg:golang/github.com/golang-fips/openssl/v2 | github.com/golang-fips/openssl | v2 | >= 2.0.0 < 2.0.1 | | | |