2 matches found
Use Of Uninitialized Variable
github.com/golang-fips/openssl is vulnerable to Use of Uninitialized Variable. The vulnerability is due to improper handling of uninitialized buffer lengths in FIPS mode, which can result in zeroed buffers being returned. This flaw allows an attacker to force false positive hash matches, send...
PT-2024-39589
Name of the Vulnerable Software and Affected Versions Golang FIPS OpenSSL affected versions not specified Description A flaw in Golang FIPS OpenSSL allows a malicious user to cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. This may also lead to a...