Upstream information
Description
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Liberty Linux 8 | | Patchnames: RHSA-2024:1472 RHSA-2024:1644 RHSA-2024:1646 |
SUSE Liberty Linux 9 | | Patchnames: RHSA-2024:1462 RHSA-2024:1501 RHSA-2024:1502 |
SUSE Timeline for this CVE
CVE page created: Wed Mar 20 19:00:16 2024
CVE page last modified: Thu Apr 11 20:37:30 2024
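The leak pattern from the Description, as an added Go example (not code from golang-fips/openssl or from this advisory): a deferred cleanup that reads named results, next to one way to avoid the leak, which is not necessarily the fix applied upstream. The names handle, alloc, free, live, setupLeaky, setupFixed and leakedAfter are hypothetical, and a Go map stands in for the C allocations so the example runs without cgo.

```go
package main

import "fmt"

type handle struct{ name string } // hypothetical stand-in for a C-allocated pkey or ctx
var live = map[*handle]bool{}     // handles allocated and not yet freed

func alloc(name string) *handle { h := &handle{name}; live[h] = true; return h }
func free(h *handle)            { delete(live, h) } // freeing nil releases nothing

// setupLeaky: "return nil, nil, err" assigns nil to pkey and ctx before the defer runs.
func setupLeaky(fail bool) (pkey, ctx *handle, err error) {
	defer func() {
		if err != nil {
			free(pkey) // already nil on every error path
			free(ctx)
		}
	}()
	pkey, ctx = alloc("pkey"), alloc("ctx")
	if fail {
		return nil, nil, fmt.Errorf("init failed")
	}
	return pkey, ctx, nil
}

// setupFixed: the defer frees locals, which the return statement cannot overwrite.
func setupFixed(fail bool) (_, _ *handle, err error) {
	pkey, ctx := alloc("pkey"), alloc("ctx")
	defer func() {
		if err != nil {
			free(pkey)
			free(ctx)
		}
	}()
	if fail {
		return nil, nil, fmt.Errorf("init failed")
	}
	return pkey, ctx, nil
}

// leakedAfter calls setup n times on its error path and counts handles never freed.
func leakedAfter(setup func(bool) (*handle, *handle, error), n int) int {
	live = map[*handle]bool{}
	for i := 0; i < n; i++ {
		setup(true)
	}
	return len(live)
}

func main() { fmt.Println(leakedAfter(setupLeaky, 1000), leakedAfter(setupFixed, 1000)) }
```

Each failing call to setupLeaky leaves two handles allocated, so the count grows linearly with the number of failed operations, which is what makes the flaw a resource-exhaustion risk when the failing input is attacker-controlled.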