Количество 32
Количество 32
GHSA-78hx-gp6g-7mj6
Memory leaks in code encrypting and verifying RSA payloads
CVE-2024-1394
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
CVE-2024-1394
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
RLSA-2024:4502
Important: skopeo security update
RLSA-2024:2569
Important: grafana-pcp security update
RLSA-2024:1646
Important: grafana security and bug fix update
RLSA-2024:1644
Important: grafana-pcp security and bug fix update
RLSA-2024:1502
Important: grafana-pcp security update
ELSA-2024-4762
ELSA-2024-4762: runc security update (IMPORTANT)
ELSA-2024-4761
ELSA-2024-4761: containernetworking-plugins security update (IMPORTANT)
ELSA-2024-4502
ELSA-2024-4502: skopeo security update (IMPORTANT)
ELSA-2024-4379
ELSA-2024-4379: gvisor-tap-vsock security update (IMPORTANT)
ELSA-2024-4378
ELSA-2024-4378: podman security update (IMPORTANT)
ELSA-2024-4371
ELSA-2024-4371: buildah security update (IMPORTANT)
ELSA-2024-2569
ELSA-2024-2569: grafana-pcp security update (IMPORTANT)
ELSA-2024-1646
ELSA-2024-1646: grafana security and bug fix update (IMPORTANT)
ELSA-2024-1644
ELSA-2024-1644: grafana-pcp security and bug fix update (IMPORTANT)
ELSA-2024-1502
ELSA-2024-1502: grafana-pcp security update (IMPORTANT)
ELSA-2024-1501
ELSA-2024-1501: grafana security update (IMPORTANT)
ELSA-2024-1472
ELSA-2024-1472: go-toolset:ol8 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-78hx-gp6g-7mj6 Memory leaks in code encrypting and verifying RSA payloads | CVSS3: 7.5 | 1% Низкий | около 1 года назад |
 | CVE-2024-1394 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | CVSS3: 7.5 | 1% Низкий | около 1 года назад |
 | CVE-2024-1394 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. | CVSS3: 7.5 | 1% Низкий | около 1 года назад |
 | RLSA-2024:4502 Important: skopeo security update | 1% Низкий | 11 месяцев назад | |
| RLSA-2024:2569 Important: grafana-pcp security update | 1% Низкий | около 1 года назад | |
| RLSA-2024:1646 Important: grafana security and bug fix update | 1% Низкий | около 1 года назад | |
| RLSA-2024:1644 Important: grafana-pcp security and bug fix update | 1% Низкий | около 1 года назад | |
| RLSA-2024:1502 Important: grafana-pcp security update | 1% Низкий | около 1 года назад | |
| ELSA-2024-4762 ELSA-2024-4762: runc security update (IMPORTANT) | 11 месяцев назад | ||
| ELSA-2024-4761 ELSA-2024-4761: containernetworking-plugins security update (IMPORTANT) | 11 месяцев назад | ||
| ELSA-2024-4502 ELSA-2024-4502: skopeo security update (IMPORTANT) | 11 месяцев назад | ||
| ELSA-2024-4379 ELSA-2024-4379: gvisor-tap-vsock security update (IMPORTANT) | 12 месяцев назад | ||
| ELSA-2024-4378 ELSA-2024-4378: podman security update (IMPORTANT) | 12 месяцев назад | ||
| ELSA-2024-4371 ELSA-2024-4371: buildah security update (IMPORTANT) | 12 месяцев назад | ||
| ELSA-2024-2569 ELSA-2024-2569: grafana-pcp security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-1646 ELSA-2024-1646: grafana security and bug fix update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-1644 ELSA-2024-1644: grafana-pcp security and bug fix update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-1502 ELSA-2024-1502: grafana-pcp security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-1501 ELSA-2024-1501: grafana security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-1472 ELSA-2024-1472: go-toolset:ol8 security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу