Satellite%20Client%206%20for%20RHEL%208

Satellite Client 6 for RHEL 8

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2024-9355

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.02% / 4.09%

7 Day CHG~0.00%

Published-01 Oct, 2024 | 18:17

Updated-04 Aug, 2025 | 09:54

Golang-fips: golang fips zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.

Vendor-Red Hat, Inc.

Product-Satellite Client 6 for RHEL 9 Red Hat OpenShift GitOps Red Hat Enterprise Linux 7 Red Hat OpenShift on AWS Red Hat Storage 3 NBDE Tang Server Red Hat OpenShift Virtualization 4 Red Hat OpenStack Platform 16.2 Red Hat OpenShift Container Platform 4 Red Hat Enterprise Linux 9 Streams for Apache Kafka 2.9.0 Red Hat Enterprise Linux 7 Extended Lifecycle Support Red Hat Service Interconnect 1 OpenShift Pipelines OpenShift Serverless Red Hat Ansible Automation Platform 2 Red Hat OpenStack Platform 17.1 OpenShift Developer Tools and Services Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat Satellite 6 Satellite Client 6 for RHEL 8 Red Hat Openshift Data Foundation 4 Red Hat OpenShift Dev Spaces Red Hat Ansible Automation Platform 1.2 Red Hat Enterprise Linux 8 Red Hat Trusted Artifact Signer Red Hat Enterprise Linux 10 Red Hat Openshift Container Storage 4

CWE ID-CWE-457

Use of Uninitialized Variable