{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-05T15:29:53.387","vulnerabilities":[{"cve":{"id":"CVE-2024-1394","sourceIdentifier":"secalert@redhat.com","published":"2024-03-21T13:00:08.037","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them."},{"lang":"es","value":"Se encontró una falla de pérdida de memoria en Golang en el código de cifrado/descifrado RSA, lo que podría conducir a una vulnerabilidad de agotamiento de recursos mediante entradas controladas por el atacante. La pérdida de memoria ocurre en github.com/golang-fips/openssl/openssl/rsa.go#L113. Los objetos filtrados son pkey? y ctx?. Esa función utiliza parámetros de retorno con nombre para liberar pkey? y ctx? si hay un error al inicializar el contexto o al configurar las diferentes propiedades. Todas las declaraciones de devolución relacionadas con casos de error siguen el patrón \"return nil, nil, fail(...)\", lo que significa que pkey? y ctx? serán nulos dentro de la función diferida que debería liberarlos."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:1462","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1468","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1472","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1501","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1502","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1561","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1563","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1566","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1567","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1574","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1640","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1644","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1646","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1763","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1897","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2568","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2569","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2729","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2730","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2767","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:3265","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:3352","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4146","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4371","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4378","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4379","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4502","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4581","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4591","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4672","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4699","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4761","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4762","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4960","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:5258","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:5634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:7262","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:7118","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-1394","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262921","source":"secalert@redhat.com"},{"url":"https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136","source":"secalert@redhat.com"},{"url":"https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6","source":"secalert@redhat.com"},{"url":"https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f","source":"secalert@redhat.com"},{"url":"https://pkg.go.dev/vuln/GO-2024-2660","source":"secalert@redhat.com"},{"url":"https://vuln.go.dev/ID/GO-2024-2660.json","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1462","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1468","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1472","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1501","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1502","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1561","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1563","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1566","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1567","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1574","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1640","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1644","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1646","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1763","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1897","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2562","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2568","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2569","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2729","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2730","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2767","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:3265","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:3352","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4146","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4371","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4378","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4379","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4502","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4581","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4672","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4699","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4761","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2024-1394","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262921","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pkg.go.dev/vuln/GO-2024-2660","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://vuln.go.dev/ID/GO-2024-2660.json","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}