CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score: 6.8 Medium
Confidence: High
EPSS: 0.0005 Low
Percentile: 17.2%
Using crafted public RSA keys which are not compliant with SP 800-56B can cause a small memory leak when encrypting and verifying payloads.
An attacker can leverage this flaw to gradually erode available memory to the point where the host crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
access.redhat.com/errata/RHSA-2024:1462
access.redhat.com/errata/RHSA-2024:1468
access.redhat.com/errata/RHSA-2024:1472
access.redhat.com/errata/RHSA-2024:1501
access.redhat.com/errata/RHSA-2024:1502
access.redhat.com/errata/RHSA-2024:1561
access.redhat.com/errata/RHSA-2024:1563
access.redhat.com/errata/RHSA-2024:1566
access.redhat.com/errata/RHSA-2024:1567
access.redhat.com/errata/RHSA-2024:1574
access.redhat.com/errata/RHSA-2024:1640
access.redhat.com/errata/RHSA-2024:1644
access.redhat.com/errata/RHSA-2024:1646
access.redhat.com/errata/RHSA-2024:1763
access.redhat.com/errata/RHSA-2024:1897
access.redhat.com/errata/RHSA-2024:2562
access.redhat.com/errata/RHSA-2024:2568
access.redhat.com/errata/RHSA-2024:2569
access.redhat.com/errata/RHSA-2024:2729
access.redhat.com/errata/RHSA-2024:2730
access.redhat.com/errata/RHSA-2024:2767
access.redhat.com/errata/RHSA-2024:3265
access.redhat.com/security/cve/CVE-2024-1394
bugzilla.redhat.com/show_bug.cgi?id=2262921
github.com/golang-fips/openssl
github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
github.com/golang-fips/openssl/releases/tag/v2.0.1
github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
github.com/microsoft/go-crypto-openssl/releases/tag/v0.2.9
nvd.nist.gov/vuln/detail/CVE-2024-1394
pkg.go.dev/vuln/GO-2024-2660
vuln.go.dev/ID/GO-2024-2660.json