Veracode Vulnerability DatabaseVERACODE:46050Memory Leak
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
github.com/golang-fips/openssl and github.com/microsoft/go-crypto-openssl are vulnerable to Memory Leak. The vulnerability is due to the mishandling of non-compliant RSA keys during encryption and verification, leading to a gradual depletion of available memory, which can result in a system crash.
References
access.redhat.com/errata/RHSA-2024:1462
access.redhat.com/errata/RHSA-2024:1468
access.redhat.com/errata/RHSA-2024:1472
access.redhat.com/errata/RHSA-2024:1501
access.redhat.com/errata/RHSA-2024:1502
access.redhat.com/errata/RHSA-2024:1561
access.redhat.com/errata/RHSA-2024:1563
access.redhat.com/errata/RHSA-2024:1566
access.redhat.com/errata/RHSA-2024:1567
access.redhat.com/errata/RHSA-2024:1574
access.redhat.com/errata/RHSA-2024:1640
access.redhat.com/errata/RHSA-2024:1644
access.redhat.com/errata/RHSA-2024:1646
access.redhat.com/errata/RHSA-2024:1763
access.redhat.com/errata/RHSA-2024:1897
access.redhat.com/errata/RHSA-2024:2562
access.redhat.com/errata/RHSA-2024:2568
access.redhat.com/errata/RHSA-2024:2569
access.redhat.com/errata/RHSA-2024:2729
access.redhat.com/errata/RHSA-2024:2730
access.redhat.com/errata/RHSA-2024:2767
access.redhat.com/errata/RHSA-2024:3265
access.redhat.com/security/cve/CVE-2024-1394
bugzilla.redhat.com/show_bug.cgi?id=2262921
github.com/advisories/GHSA-78hx-gp6g-7mj6
github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
pkg.go.dev/vuln/GO-2024-2660
vuln.go.dev/ID/GO-2024-2660.json
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%