{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T11:28:02.985","vulnerabilities":[{"cve":{"id":"CVE-2024-9355","sourceIdentifier":"secalert@redhat.com","published":"2024-10-01T19:15:09.793","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack."},{"lang":"es","value":"Se encontró una vulnerabilidad en Golang FIPS OpenSSL. Esta falla permite que un usuario malintencionado haga que se devuelva aleatoriamente una variable de longitud de búfer no inicializada con un búfer puesto a cero en modo FIPS. También es posible forzar una coincidencia de falso positivo entre hashes no iguales al comparar una suma hmac calculada confiable con una suma de entrada no confiable si un atacante puede enviar un búfer puesto a cero en lugar de una suma calculada previamente. También es posible forzar que una clave derivada sea todo ceros en lugar de un valor impredecible. Esto puede tener implicaciones posteriores para la pila TLS de Go."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":5.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-457"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:10133","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:7502","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:7550","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8327","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8678","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8847","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:9551","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:2416","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:7118","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:7256","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:7624","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-9355","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315719","source":"secalert@redhat.com"},{"url":"https://github.com/golang-fips/openssl/pull/198","source":"secalert@redhat.com"}]}}]}