Vulnerability Details :

CVE-2024-1394

Summary
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 21 Mar, 2024 | 12:16
Updated At: 28 Aug, 2025 | 18:16

Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
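The named-return and defer interaction described above, reduced to a self-contained Go program. This is an added example, not code from golang-fips/openssl: `handle`, `alloc`, `free`, `setupLeaky`, `setupFixed` and `leakedAfter` are hypothetical names, the native objects are simulated with a counter instead of cgo, and `setupFixed` shows one possible correction rather than the project's actual patch.

```go
package main

import (
	"errors"
	"fmt"
)

// handle stands in for a natively allocated object (the pkey and ctx of the
// description). Hypothetical type: the real objects live on the C heap,
// which the Go garbage collector never reclaims.
type handle struct{ name string }

// live counts handles allocated but not yet freed.
var live int

func alloc(name string) *handle { live++; return &handle{name: name} }
func free(h *handle)            { live-- }

var errSetup = errors.New("setup failed")

// setupLeaky reproduces the flawed shape: the deferred cleanup inspects the
// named results, but "return nil, nil, err" assigns nil to pkey and ctx
// before the deferred function runs, so nothing is freed.
func setupLeaky(fail bool) (pkey, ctx *handle, err error) {
	defer func() {
		if err != nil {
			if pkey != nil {
				free(pkey)
				pkey = nil
			}
			if ctx != nil {
				free(ctx)
				ctx = nil
			}
		}
	}()
	pkey = alloc("pkey")
	ctx = alloc("ctx")
	if fail {
		return nil, nil, errSetup // pkey and ctx are already nil in the defer
	}
	return pkey, ctx, nil
}

// setupFixed keeps the same cleanup but sets only err and uses a bare
// return, so the deferred function still sees the live handles, frees them
// and hands nil back to the caller.
func setupFixed(fail bool) (pkey, ctx *handle, err error) {
	defer func() {
		if err != nil {
			if pkey != nil {
				free(pkey)
				pkey = nil
			}
			if ctx != nil {
				free(ctx)
				ctx = nil
			}
		}
	}()
	pkey = alloc("pkey")
	ctx = alloc("ctx")
	if fail {
		err = errSetup
		return
	}
	return pkey, ctx, nil
}

// leakedAfter drives n failing calls, as repeated error-inducing input
// would, and reports how many handles were left allocated.
func leakedAfter(n int, setup func(bool) (*handle, *handle, error)) int {
	before := live
	for i := 0; i < n; i++ {
		setup(true)
	}
	return live - before
}

func main() {
	fmt.Println("leaky, 1000 failed calls:", leakedAfter(1000, setupLeaky), "handles left")
	fmt.Println("fixed, 1000 failed calls:", leakedAfter(1000, setupFixed), "handles left")
}
```

Every failed call through the leaky variant strands both objects, which is why input that reliably triggers the error path turns into unbounded memory growth in a long-running service.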

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.4 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
receptor
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.4::el9
  • cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
  • cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
  • cpe:/a:redhat:ansible_automation_platform:2.4::el8
  • cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
  • cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Default Status
affected
Versions
Unaffected
  • From 0:1.4.5-1.el8ap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.4 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
receptor
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.4::el9
  • cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
  • cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
  • cpe:/a:redhat:ansible_automation_platform:2.4::el8
  • cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
  • cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
Default Status
affected
Versions
Unaffected
  • From 0:1.4.5-1.el9ap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Developer Tools
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
go-toolset-1.19-golang
CPEs
  • cpe:/a:redhat:devtools:2023::el7
Default Status
affected
Versions
Unaffected
  • From 0:1.19.13-6.el7_9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
go-toolset:rhel8
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 8090020240313170136.26eb71ac before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
grafana-pcp
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:5.1.1-2.el8_9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
grafana
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:9.2.10-8.el8_9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
grafana
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:9.2.10-16.el8_10 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:rhel8
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 8100020240808093819.afee755d before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
osbuild-composer
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:101-2.el8_10 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.20.12-2.el9_3 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
grafana
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:9.2.10-8.el9_3 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
grafana-pcp
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:5.1.1-2.el9_3 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.21.9-2.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
grafana
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:9.2.10-16.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
grafana-pcp
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:5.1.1-2.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 2:1.33.7-3.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 4:4.9.4-5.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
gvisor-tap-vsock
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 6:0.7.3-4.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skopeo
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 2:1.14.3-3.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 1:1.4.0-4.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
runc
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 4:1.1.12-3.el9_4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
osbuild-composer
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:132-1.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:rhel_e4s:9.0::appstream
Default Status
affected
Versions
Unaffected
  • From 2:4.2.0-4.el9_0 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/a:redhat:rhel_e4s:9.0::appstream
Default Status
affected
Versions
Unaffected
  • From 1:1.0.1-6.el9_0 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang
CPEs
  • cpe:/a:redhat:rhel_eus:9.2::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.19.13-7.el9_2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:rhel_eus:9.2::appstream
Default Status
affected
Versions
Unaffected
  • From 2:4.4.1-20.el9_2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 1:1.23.4-5.2.rhaos4.12.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
butane
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 0:0.16.0-2.2.rhaos4.12.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 1:1.4.0-1.1.rhaos4.12.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-o
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-tools
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 0:1.25.0-2.2.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ignition
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 0:2.14.0-5.2.rhaos4.12.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-clients
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 3:4.4.1-2.1.rhaos4.12.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
runc
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 3:1.1.6-5.2.rhaos4.12.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.12
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skopeo
CPEs
  • cpe:/a:redhat:openshift:4.12::el9
  • cpe:/a:redhat:openshift:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 2:1.9.4-3.2.rhaos4.12.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 1:1.29.1-2.2.rhaos4.13.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 1:1.4.0-1.1.rhaos4.13.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-o
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 0:1.26.5-11.1.rhaos4.13.git919cc6e.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-tools
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 0:1.26.0-4.2.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ignition
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 0:2.15.0-7.1.rhaos4.13.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-clients
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 3:4.4.1-6.2.rhaos4.13.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
runc
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 4:1.1.12-1.1.rhaos4.13.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.13
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skopeo
CPEs
  • cpe:/a:redhat:openshift:4.13::el9
  • cpe:/a:redhat:openshift:4.13::el8
Default Status
affected
Versions
Unaffected
  • From 2:1.11.2-2.2.rhaos4.13.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
butane
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:0.19.0-1.3.rhaos4.14.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 1:1.4.0-1.2.rhaos4.14.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-o
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-tools
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:1.27.0-3.1.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ignition
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:2.16.2-2.1.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-clients
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ose-aws-ecr-image-credential-provider
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 3:4.4.1-11.3.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skopeo
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 2:1.11.2-10.3.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 1:1.29.1-10.4.rhaos4.14.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
butane
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:0.19.0-1.4.rhaos4.14.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
conmon
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 3:2.1.7-3.4.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 1:1.4.0-1.3.rhaos4.14.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-o
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:1.27.4-7.2.rhaos4.14.git082c52f.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-tools
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:1.27.0-3.2.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ignition
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:2.16.2-2.2.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4-aws-iso
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-ansible
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-clients
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-kuryr
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ose-aws-ecr-image-credential-provider
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 3:4.4.1-11.4.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
runc
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 4:1.1.12-1.2.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skopeo
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 2:1.11.2-10.4.rhaos4.14.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
microshift
CPEs
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.14
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4.14::el8
  • cpe:/a:redhat:openshift:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 414.92.202407300859-0 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 1:1.29.1-20.3.rhaos4.15.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
butane
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 0:0.20.0-1.1.rhaos4.15.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 1:1.4.0-1.2.rhaos4.15.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-o
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 0:1.28.4-8.rhaos4.15.git24f50b9.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
cri-tools
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 0:1.28.0-3.1.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ignition
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 0:2.16.2-2.1.rhaos4.15.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-clients
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ose-aws-ecr-image-credential-provider
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 3:4.4.1-21.1.rhaos4.15.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
runc
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 4:1.1.12-1.1.rhaos4.15.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skopeo
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 2:1.11.2-21.2.rhaos4.15.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
microshift
CPEs
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4.15
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4.15::el8
  • cpe:/a:redhat:openshift:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 415.92.202407191425-0 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
etcd
CPEs
  • cpe:/a:redhat:openstack:16.2::el8
Default Status
affected
Versions
Unaffected
  • From 0:3.3.23-16.el8ost before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
collectd-sensubility
CPEs
  • cpe:/a:redhat:openstack:17.1::el8
Default Status
affected
Versions
Unaffected
  • From 0:0.2.1-3.el8ost before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
etcd
CPEs
  • cpe:/a:redhat:openstack:17.1::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.4.26-8.el9ost before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
collectd-sensubility
CPEs
  • cpe:/a:redhat:openstack:17.1::el9
Default Status
affected
Versions
Unaffected
  • From 0:0.2.1-3.el9ost before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHODF-4.16-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/mcg-operator-bundle
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.16::el9
Default Status
affected
Versions
Unaffected
  • From v4.16.0-137 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHODF-4.16-RHEL-9
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
odf4/mcg-rhel9-operator
CPEs
  • cpe:/a:redhat:openshift_data_foundation:4.16::el9
Default Status
affected
Versions
Unaffected
  • From v4.16.0-38 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
NBDE Tang Server
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
tang-operator-bundle-container
CPEs
  • cpe:/a:redhat:network_bound_disk_encryption_tang:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Developer Tools and Services
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
helm
CPEs
  • cpe:/a:redhat:ocp_tools
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Developer Tools and Services
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
odo
CPEs
  • cpe:/a:redhat:ocp_tools
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Pipelines
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-pipelines-client
CPEs
  • cpe:/a:redhat:openshift_pipelines:1
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
OpenShift Serverless
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-serverless-clients
CPEs
  • cpe:/a:redhat:serverless:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 1.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
helm
CPEs
  • cpe:/a:redhat:ansible_automation_platform
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 1.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-clients
CPEs
  • cpe:/a:redhat:ansible_automation_platform
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-clients
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Certification for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
redhat-certification-preflight
CPEs
  • cpe:/a:redhat:certifications:1::el8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Certification Program for Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
redhat-certification-preflight
CPEs
  • cpe:/a:redhat:certifications:9::el9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
buildah
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
containernetworking-plugins
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
host-metering
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
podman
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhc-worker-script
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skopeo
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:4.0/buildah
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:4.0/conmon
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:4.0/containernetworking-plugins
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:4.0/podman
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:4.0/runc
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:4.0/skopeo
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
container-tools:4.0/toolbox
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
git-lfs
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhc
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
weldr-client
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
butane
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
conmon
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
git-lfs
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ignition
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
toolbox
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
weldr-client
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
conmon-rs
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang-github-prometheus-promu
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
lifecycle-agent-operator-bundle-container
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/bare-metal-event-relay-operator-bundle
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/numaresources-operator-bundle
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift4/ose-cluster-machine-approver-rhel9
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Openshift Container Storage 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mcg
CPEs
  • cpe:/a:redhat:openshift_container_storage:4
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Dev Spaces
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
devspaces/machineexec-rhel8
CPEs
  • cpe:/a:redhat:openshift_devspaces:3:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift GitOps
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
openshift-gitops-1/gitops-operator-bundle
CPEs
  • cpe:/a:redhat:openshift_gitops:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift on AWS
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rosa
CPEs
  • cpe:/a:redhat:openshift_service_on_aws:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Virtualization 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
kubevirt
CPEs
  • cpe:/a:redhat:container_native_virtualization:4
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
etcd
CPEs
  • cpe:/a:redhat:openstack:16.1
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang-qpid-apache
CPEs
  • cpe:/a:redhat:openstack:16.1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
qpid-proton
CPEs
  • cpe:/a:redhat:openstack:16.1
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang-github-infrawatch-apputils
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang-qpid-apache
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 16.2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
qpid-proton
CPEs
  • cpe:/a:redhat:openstack:16.2
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang-github-infrawatch-apputils
CPEs
  • cpe:/a:redhat:openstack:17.1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
golang-qpid-apache
CPEs
  • cpe:/a:redhat:openstack:17.1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 17.1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
qpid-proton
CPEs
  • cpe:/a:redhat:openstack:17.1
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenStack Platform 18.0
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
etcd
CPEs
  • cpe:/a:redhat:openstack:18.0
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Service Interconnect 1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
qpid-proton
CPEs
  • cpe:/a:redhat:service_interconnect:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Service Interconnect 1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skupper-cli
CPEs
  • cpe:/a:redhat:service_interconnect:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Service Interconnect 1
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
skupper-router
CPEs
  • cpe:/a:redhat:service_interconnect:1
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Software Collections
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-git227-git-lfs
CPEs
  • cpe:/a:redhat:rhel_software_collections:3
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Storage 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
heketi
CPEs
  • cpe:/a:redhat:storage:3
Default Status
unknown
Problem Types
Type: CWE
CWE ID: CWE-401
Description: Missing Release of Memory after Effective Lifetime
Metrics
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value: Important
namespace: https://access.redhat.com/security/updates/classification/
Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Credits

Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue.
Timeline
Event: Reported to Red Hat.
Date: 2024-02-06 00:00:00
Event: Made public.
Date: 2024-03-20 00:00:00
References
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1462
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1468
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1472
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1501
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1502
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1561
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1563
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1566
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1567
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1574
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1640
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1644
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1646
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1763
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1897
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2562
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2568
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2569
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2729
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2730
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2767
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3265
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3352
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4146
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4371
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4378
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4379
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4502
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4581
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4591
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4672
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4699
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4761
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4762
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4960
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5258
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5634
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:7262
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:7118
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-1394
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2262921
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
Resource: N/A
Hyperlink: https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
Resource: N/A
Hyperlink: https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2660
Resource: N/A
Hyperlink: https://vuln.go.dev/ID/GO-2024-2660.json
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
2. CVE Program Container
References
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1462
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1468
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1472
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1501
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1502
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1561
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1563
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1566
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1567
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1574
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1640
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1644
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1646
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1763
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1897
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2562
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2568
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2569
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2729
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2730
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2767
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3265
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3352
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4146
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4371
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4378
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4379
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4502
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4581
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4591
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4672
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4699
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4761
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4762
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-1394
Resource:
vdb-entry
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2262921
Resource:
issue-tracking
x_refsource_REDHAT
x_transferred
Hyperlink: https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
Resource:
x_transferred
Hyperlink: https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
Resource:
x_transferred
Hyperlink: https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
Resource:
x_transferred
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2660
Resource:
x_transferred
Hyperlink: https://vuln.go.dev/ID/GO-2024-2660.json
Resource:
x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: secalert@redhat.com
Published At: 21 Mar, 2024 | 13:00
Updated At: 13 May, 2025 | 09:15

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
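The pattern in the description can be reproduced in plain Go. The following is an added example, not code from golang-fips/openssl: `handle`, `allocator`, `leakySetup`, `fixedSetup` and `liveAfterFailures` are hypothetical names, the allocator is a constructed stand-in for C-side allocation, and the repaired variant shows one way to keep the named results intact, not necessarily the project's patch.

```go
package main

import (
	"errors"
	"fmt"
)

// handle stands in for a C-allocated object such as pkey or ctx. Go's garbage
// collector does not reclaim C memory, so every alloc needs a matching free.
type handle struct{ name string }

// allocator is a constructed stand-in that counts live (unfreed) handles.
type allocator struct{ live int }

func (a *allocator) alloc(name string) *handle {
	a.live++
	return &handle{name: name}
}

func (a *allocator) free(h *handle) {
	if h == nil {
		return // nothing to release: the branch the leaky variant always hits
	}
	a.live--
}

var errSetup = errors.New("setting context property failed")

type setupFunc func(a *allocator, fail bool) (pkey, ctx *handle, err error)

// leakySetup follows the pattern from the description: the deferred cleanup
// reads the named results, but the error path overwrites them with nil first.
func leakySetup(a *allocator, fail bool) (pkey, ctx *handle, err error) {
	defer func() {
		if err != nil {
			a.free(pkey)
			a.free(ctx)
		}
	}()
	pkey = a.alloc("pkey")
	ctx = a.alloc("ctx")
	if fail {
		// "return nil, nil, err" stores nil into pkey and ctx and only then
		// runs the deferred function, which therefore frees nothing.
		return nil, nil, errSetup
	}
	return pkey, ctx, nil
}

// fixedSetup sets only err and uses a bare return, so the deferred function
// still sees the allocated handles and can release them.
func fixedSetup(a *allocator, fail bool) (pkey, ctx *handle, err error) {
	defer func() {
		if err != nil {
			a.free(pkey)
			a.free(ctx)
			pkey, ctx = nil, nil // do not hand freed handles to the caller
		}
	}()
	pkey = a.alloc("pkey")
	ctx = a.alloc("ctx")
	if fail {
		err = errSetup
		return
	}
	return pkey, ctx, nil
}

// liveAfterFailures drives n failing setups and reports how many handles are
// still allocated afterwards. Repeated failing requests are what turn the
// leak into resource exhaustion.
func liveAfterFailures(setup setupFunc, n int) int {
	a := &allocator{}
	for i := 0; i < n; i++ {
		if pkey, ctx, err := setup(a, true); err == nil {
			a.free(pkey)
			a.free(ctx)
		}
	}
	return a.live
}

func main() {
	fmt.Println("leaky, live handles:", liveAfterFailures(leakySetup, 1000))
	fmt.Println("fixed, live handles:", liveAfterFailures(fixedSetup, 1000))
}
```

In review, a deferred cleanup that reads named results combined with error returns that pass explicit `nil` values for those results is the signature to look for.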

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses
CWE ID: CWE-401
Type: Secondary
Source: secalert@redhat.com
References
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1462
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1468
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1472
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1501
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1502
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1561
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1563
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1566
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1567
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1574
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1640
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1644
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1646
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1763
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1897
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2562
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2568
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2569
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2729
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2730
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2767
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3265
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3352
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4146
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4371
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4378
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4379
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4502
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4581
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4591
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4672
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4699
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4761
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4762
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4960
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5258
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:5634
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:7262
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:7118
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-1394
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2262921
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2660
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://vuln.go.dev/ID/GO-2024-2660.json
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1462
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1468
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1472
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1501
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1502
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1561
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1563
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1566
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1567
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1574
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1640
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1644
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1646
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1763
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1897
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2562
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2568
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2569
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2729
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2730
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2767
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3265
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:3352
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4146
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4371
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4378
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4379
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4502
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4591
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4672
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4699
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4762
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-1394
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2262921
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2024-2660
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://vuln.go.dev/ID/GO-2024-2660.json
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

285 Records found

CVE-2019-19956
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.86%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:12
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectSiemens AGlibxml2 (XMLSoft)Debian GNU/Linux
Product-ubuntu_linuxclustered_data_ontapdebian_linuxmanageability_software_development_kitsinema_remote_connect_serverontap_select_deploy_administration_utilityfedoraactive_iq_unified_managerlibxml2clustered_data_ontap_antivirus_connectorreal_user_experience_insightsteelstore_cloud_integrated_storagen/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19079
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.22% / 78.24%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19049
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.60%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:23
Updated-07 Mar, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, Inc
Product-leaplinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19053
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.25%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:23
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.

Action-Not Available
Vendor-n/aBroadcom Inc.NetApp, Inc.Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxfas\/aff_baseboard_management_controllercloud_backupsolidfire_\&_hci_management_nodeactive_iq_unified_managerhci_baseboard_management_controllerhci_compute_nodesolidfire_baseboard_management_controlleraff_baseboard_management_controllersteelstore_cloud_integrated_storagelinux_kernele-series_santricity_os_controllersolidfire\,_enterprise_sds_\&_hci_storage_nodehci_compute_node_firmwaresolidfire_baseboard_management_controller_firmwarebrocade_fabric_operating_system_firmwaredata_availability_servicesn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19075
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 73.87%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19050
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 74.88%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:23
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Broadcom Inc.NetApp, Inc.Linux Kernel Organization, Inc
Product-ubuntu_linuxfas8700_firmwarehci_storage_nodeactive_iq_unified_managerfas8300aff_a400_firmwareh610s_firmwarehci_compute_nodeaff_a700ssolidfiresteelstore_cloud_integrated_storageh610slinux_kernelhci_management_nodeaff_a700s_firmwarefedorae-series_santricity_os_controlleraff_a400fabric_operating_systemfas8700fas8300_firmwaredata_availability_servicesn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19078
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.34% / 86.79%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19064
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.64%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 May, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora Project
Product-linux_kernelfedoran/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19071
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.44%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19074
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19070
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.60%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 05:24
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-fedoralinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-2618
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.61%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 05:31
Updated-02 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.

Action-Not Available
Vendor-opencvOpenCV
Product-opencvwechat_qrcode Module
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-18813
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.24% / 78.45%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 15:28
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-18810
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.22% / 78.24%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 15:29
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-25566
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.17%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 17:35
Updated-10 Mar, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GSS-NTLMSSP vulnerable to memory leak when parsing usernames

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.

Action-Not Available
Vendor-gss-ntlmssp_projectgssapi
Product-gss-ntlmsspgss-ntlmssp
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-15916
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.62% / 85.11%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 14:58
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-14559
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.81%
||
7 Day CHG~0.00%
Published-23 Nov, 2020 | 15:50
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-tianocoren/a
Product-edk2Extensible Firmware Interface Development Kit (EDK II)
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-37046
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.89%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 15:45
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-0059
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.18%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host.

A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-42477
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.00%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 15:02
Updated-15 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
llama.cpp global-buffer-overflow in ggml_type_size

llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.

Action-Not Available
Vendor-ggerganovggerganovggerganov
Product-llama.cppllama.cppllama.cpp
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-3382
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.24%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 17:05
Updated-22 Jan, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-ospa-5430pa-5440pa-5420pa-5445pa-5410Cloud NGFWPAN-OSPrisma Accessprisma_accesspan-oscloud_ngfw
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-26090
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 61.33%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 12:53
Updated-25 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimailFortinet FortiMail
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-20210
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.12% / 77.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:57
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.

Action-Not Available
Vendor-privoxyn/a
Product-privoxyprivoxy
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-20214
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.12% / 77.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:57
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.

Action-Not Available
Vendor-privoxyn/a
Product-privoxyprivoxy
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-20215
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.12% / 77.33%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:57
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

Action-Not Available
Vendor-privoxyn/a
Product-privoxyprivoxy
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-20211
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.53%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:57
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.

Action-Not Available
Vendor-privoxyn/a
Product-privoxyprivoxy
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-0230
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.18%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:36
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: Memory leak when querying Aggregated Ethernet (AE) interface statistics

On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens.

  /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72
  /kernel: rt_pfe_veto: free kmem_map memory = (20770816) curproc = kmd

An administrator can use the following CLI command to monitor the status of memory consumption (ifstat bucket):

  user@device > show system virtual-memory no-forwarding | match ifstat
  Type InUse MemUse HighUse Limit Requests Limit Limit Size(s)
  ifstat 2588977 162708K - 19633958 <<<<

  user@device > show system virtual-memory no-forwarding | match ifstat
  Type InUse MemUse HighUse Limit Requests Limit Limit Size(s)
  ifstat 3021629 189749K - 22914415 <<<<

This issue affects Juniper Networks Junos OS on SRX Series: 17.1 versions 17.1R3 and above prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.2 versions prior to 18.2R3-S7, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS prior to 17.1R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx380srx110srx4000srx4200srx340srx4100srx220srx240h2srx240srx3600srx5000srx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600srx550msrx1500Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-35893
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.63%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 08:24
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.

Action-Not Available
Vendor-simple-slab_projectn/a
Product-simple-slabn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-908
Use of Uninitialized Resource
CWE ID-CWE-193
Off-by-one Error
CVE-2020-3195
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.31% / 79.00%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:41
Updated-15 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability

A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5510_firmwareasa_5585-x_firmwareadaptive_security_appliance_softwareasa_5520asa_5505_firmwareasa_5510asa_5540_firmwareasa_5580_firmwareasa_5520_firmwareasa_5515-xasa_5550asa_5545-x_firmwareasa_5545-xasa_5525-x_firmwareasa_5505asa_5540asa_5555-xasa_5580asa_5585-xasa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5512-x_firmwareasa_5550_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-7397
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.93%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.Debian GNU/LinuxGraphicsMagickopenSUSE
Product-ubuntu_linuxdebian_linuximagemagickgraphicsmagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-7395
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.74% / 85.42%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-7396
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.74% / 85.42%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-6681
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.00%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:10
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_local_traffic_managerBIG-IP
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-24259
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.28%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 00:00
Updated-15 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mupdfn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-33105
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.03%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:13
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

Action-Not Available
Vendor-n/aRedis Inc.
Product-redisn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime