QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-9355

Back to search

CVE-2024-9355

Published: Oct 1, 2024

Modified: Jun 3, 2026

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.

VendorProductVersions

Unknown

github.com/golang-fips/openssl

All versions

Red Hat

Red Hat Enterprise Linux 7 Extended Lifecycle Support

unaffected
0:0.10-2.el7_9 - < *

Red Hat

Red Hat Enterprise Linux 8

unaffected
8100020241001112709.a3795dee - < *

Red Hat

Red Hat Enterprise Linux 8

unaffected
0:9.2.10-20.el8_10 - < *

Red Hat

Red Hat Enterprise Linux 8

unaffected
0:5.1.1-9.el8_10 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:1.21.13-4.el9_4 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:9.2.10-19.el9_4 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:132-1.el9 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:3.6.1-1.el9 - < *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

unaffected
0:5.1.1-4.el9_4 - < *

Red Hat

Satellite Client 6 for RHEL 10

unaffected
0:0.3.1-1.el10sat - < *

Red Hat

Satellite Client 6 for RHEL 8

unaffected
0:0.3.1-1.el8sat - < *

Red Hat

Satellite Client 6 for RHEL 9

unaffected
0:0.3.1-1.el9sat - < *

Red Hat

Streams for Apache Kafka 2.9.0

All versions

Red Hat

NBDE Tang Server

All versions

Red Hat

OpenShift Developer Tools and Services

All versions

Red Hat

OpenShift Developer Tools and Services

All versions

Red Hat

OpenShift Pipelines

All versions

Red Hat

OpenShift Serverless

All versions

Red Hat

Red Hat Ansible Automation Platform 1.2

All versions

Red Hat

Red Hat Ansible Automation Platform 1.2

All versions

Red Hat

Red Hat Ansible Automation Platform 2

All versions

Red Hat

Red Hat Ansible Automation Platform 2

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 10

All versions

Red Hat

Red Hat Enterprise Linux 7

All versions

Red Hat

Red Hat Enterprise Linux 7

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 8

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat Enterprise Linux 9

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat OpenShift Container Platform 4

All versions

Red Hat

Red Hat Openshift Container Storage 4

All versions

Red Hat

Red Hat Openshift Data Foundation 4

All versions

Red Hat

Red Hat OpenShift Dev Spaces

All versions

Red Hat

Red Hat OpenShift GitOps

All versions

Red Hat

Red Hat OpenShift on AWS

All versions

Red Hat

Red Hat OpenShift Virtualization 4

All versions

Red Hat

Red Hat OpenStack Platform 16.2

All versions

Red Hat

Red Hat OpenStack Platform 16.2

All versions

Red Hat

Red Hat OpenStack Platform 16.2

All versions

Red Hat

Red Hat OpenStack Platform 16.2

All versions

Red Hat

Red Hat OpenStack Platform 17.1

All versions

Red Hat

Red Hat OpenStack Platform 17.1

All versions

Red Hat

Red Hat OpenStack Platform 17.1

All versions

Red Hat

Red Hat OpenStack Platform 17.1

All versions

Red Hat

Red Hat Satellite 6

All versions

Red Hat

Red Hat Satellite 6

All versions

Red Hat

Red Hat Satellite 6

All versions

Red Hat

Red Hat Satellite 6

All versions

Red Hat

Red Hat Satellite 6

All versions

Red Hat

Red Hat Satellite 6

All versions

Red Hat

Red Hat Service Interconnect 1

All versions

Red Hat

Red Hat Service Interconnect 1

All versions

Red Hat

Red Hat Service Interconnect 1

All versions

Red Hat

Red Hat Storage 3

All versions

Red Hat

Red Hat Trusted Artifact Signer

All versions

Weaknesses (CWE)

CWE-457

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

References

RHSA-2024:10133
vendor-advisory
x_refsource_REDHAT
RHSA-2024:7502
vendor-advisory
x_refsource_REDHAT
RHSA-2024:7550
vendor-advisory
x_refsource_REDHAT
RHSA-2024:8327
vendor-advisory
x_refsource_REDHAT
RHSA-2024:8678
vendor-advisory
x_refsource_REDHAT
RHSA-2024:8847
vendor-advisory
x_refsource_REDHAT
RHSA-2024:9551
vendor-advisory
x_refsource_REDHAT
RHSA-2025:2416
vendor-advisory
x_refsource_REDHAT
RHSA-2025:7118
vendor-advisory
x_refsource_REDHAT
RHSA-2025:7256
vendor-advisory
x_refsource_REDHAT
RHSA-2025:7624
vendor-advisory
x_refsource_REDHAT
RHBZ#2315719
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now