Satellite%20Client%206%20for%20RHEL%2010

Satellite Client 6 for RHEL 10

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2024-9355

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 21.43%

7 Day CHG~0.00%

Published-01 Oct, 2024 | 18:17

Updated-03 Feb, 2026 | 22:06

Golang-fips: golang fips zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.

Vendor-Red Hat, Inc.

Product-Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Extended Lifecycle Support Satellite Client 6 for RHEL 10 Satellite Client 6 for RHEL 8 Red Hat OpenShift GitOps Red Hat Satellite 6 OpenShift Developer Tools and Services Red Hat Ansible Automation Platform 1.2 Red Hat OpenShift Virtualization 4 Red Hat Trusted Artifact Signer Streams for Apache Kafka 2.9.0 Red Hat OpenShift Container Platform 4 Red Hat Openshift Container Storage 4 Red Hat Enterprise Linux 9 Red Hat Openshift Data Foundation 4 Satellite Client 6 for RHEL 9 Red Hat Enterprise Linux 8 Red Hat Ansible Automation Platform 2 OpenShift Pipelines Red Hat OpenStack Platform 16.2 Red Hat Service Interconnect 1 Red Hat OpenShift Dev Spaces Red Hat OpenStack Platform 17.1 Red Hat Storage 3 Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat Enterprise Linux 10 OpenShift Serverless Red Hat OpenShift on AWS NBDE Tang Server

CWE ID-CWE-457

Use of Uninitialized Variable