Upstream information
CVE-2024-1394 at MITRE
Description
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
No SUSE Bugzilla entries cross referenced.
No SUSE Security Announcements cross referenced.
List of released packages
Product(s) | Fixed package version(s) | References |
SUSE Liberty Linux 8 | aardvark-dns >= 1.10.0-1.module+el8.10.0+22202+761b9a65
buildah >= 1.33.8-4.module+el8.10.0+22202+761b9a65
buildah-tests >= 1.33.8-4.module+el8.10.0+22202+761b9a65
cockpit-podman >= 84.1-1.module+el8.10.0+22202+761b9a65
conmon >= 2.1.10-1.module+el8.10.0+22202+761b9a65
container-selinux >= 2.229.0-2.module+el8.10.0+22202+761b9a65
containernetworking-plugins >= 1.4.0-5.module+el8.10.0+22202+761b9a65
containers-common >= 1-82.module+el8.10.0+22202+761b9a65
crit >= 3.18-5.module+el8.10.0+22202+761b9a65
criu >= 3.18-5.module+el8.10.0+22202+761b9a65
criu-devel >= 3.18-5.module+el8.10.0+22202+761b9a65
criu-libs >= 3.18-5.module+el8.10.0+22202+761b9a65
crun >= 1.14.3-2.module+el8.10.0+22202+761b9a65
delve >= 1.20.2-1.module+el8.9.0+18926+5193682d
fuse-overlayfs >= 1.13-1.module+el8.10.0+22202+761b9a65
go-toolset >= 1.20.12-1.module+el8.9.0+21033+5795bdf6
golang >= 1.20.12-3.module+el8.9.0+21528+703c3aa2
golang-bin >= 1.20.12-3.module+el8.9.0+21528+703c3aa2
golang-docs >= 1.20.12-3.module+el8.9.0+21528+703c3aa2
golang-misc >= 1.20.12-3.module+el8.9.0+21528+703c3aa2
golang-src >= 1.20.12-3.module+el8.9.0+21528+703c3aa2
golang-tests >= 1.20.12-3.module+el8.9.0+21528+703c3aa2
grafana >= 9.2.10-16.el8_10
grafana-pcp >= 5.1.1-2.el8_9
grafana-selinux >= 9.2.10-16.el8_10
libslirp >= 4.4.0-2.module+el8.10.0+22202+761b9a65
libslirp-devel >= 4.4.0-2.module+el8.10.0+22202+761b9a65
netavark >= 1.10.3-1.module+el8.10.0+22202+761b9a65
oci-seccomp-bpf-hook >= 1.2.10-1.module+el8.10.0+22202+761b9a65
podman >= 4.9.4-12.module+el8.10.0+22202+761b9a65
podman-catatonit >= 4.9.4-12.module+el8.10.0+22202+761b9a65
podman-docker >= 4.9.4-12.module+el8.10.0+22202+761b9a65
podman-gvproxy >= 4.9.4-12.module+el8.10.0+22202+761b9a65
podman-plugins >= 4.9.4-12.module+el8.10.0+22202+761b9a65
podman-remote >= 4.9.4-12.module+el8.10.0+22202+761b9a65
podman-tests >= 4.9.4-12.module+el8.10.0+22202+761b9a65
python3-criu >= 3.18-5.module+el8.10.0+22202+761b9a65
python3-podman >= 4.9.0-2.module+el8.10.0+22202+761b9a65
runc >= 1.1.12-4.module+el8.10.0+22202+761b9a65
skopeo >= 1.14.5-3.module+el8.10.0+22202+761b9a65
skopeo-tests >= 1.14.5-3.module+el8.10.0+22202+761b9a65
slirp4netns >= 1.2.3-1.module+el8.10.0+22202+761b9a65
toolbox >= 0.0.99.5-2.module+el8.10.0+22202+761b9a65
toolbox-tests >= 0.0.99.5-2.module+el8.10.0+22202+761b9a65
udica >= 0.2.6-21.module+el8.10.0+22202+761b9a65
| Patchnames: RHSA-2024:1472 RHSA-2024:1644 RHSA-2024:1646 RHSA-2024:3265 RHSA-2024:5258 |
SUSE Liberty Linux 9 | buildah >= 1.33.7-3.el9_4
buildah-tests >= 1.33.7-3.el9_4
containernetworking-plugins >= 1.4.0-4.el9_4
go-toolset >= 1.21.9-2.el9_4
golang >= 1.21.9-2.el9_4
golang-bin >= 1.21.9-2.el9_4
golang-docs >= 1.21.9-2.el9_4
golang-misc >= 1.21.9-2.el9_4
golang-src >= 1.21.9-2.el9_4
golang-tests >= 1.21.9-2.el9_4
grafana >= 9.2.10-16.el9_4
grafana-pcp >= 5.1.1-2.el9_4
grafana-selinux >= 9.2.10-16.el9_4
gvisor-tap-vsock >= 0.7.3-4.el9_4
podman >= 4.9.4-5.el9_4
podman-docker >= 4.9.4-5.el9_4
podman-plugins >= 4.9.4-5.el9_4
podman-remote >= 4.9.4-5.el9_4
podman-tests >= 4.9.4-5.el9_4
runc >= 1.1.12-3.el9_4
skopeo >= 1.14.3-3.el9_4
skopeo-tests >= 1.14.3-3.el9_4
| Patchnames: RHSA-2024:1462 RHSA-2024:1501 RHSA-2024:1502 RHSA-2024:2562 RHSA-2024:2568 RHSA-2024:2569 RHSA-2024:4371 RHSA-2024:4378 RHSA-2024:4379 RHSA-2024:4502 RHSA-2024:4761 RHSA-2024:4762 |
SUSE Timeline for this CVE
CVE page created: Wed Mar 20 19:00:16 2024
CVE page last modified: Thu Aug 15 20:46:53 2024