PT-2024-2419 · Golang+5 · Golang+5

Qmuntal

Published

2024-03-20

Updated

2025-05-14

CVE-2024-1394

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Golang (affected versions not specified)

Description A memory leak flaw was found in Golang's RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in the rsa.go file and affects objects pkey and ctx. This issue can be exploited by an attacker using crafted public RSA keys to cause a denial of service attack by gradually eroding available memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-400

Related Identifiers

ALSA-2024:1462

ALSA-2024:1472

ALSA-2024:1501

ALSA-2024:1502

ALSA-2024:1644

ALSA-2024:1646

ALSA-2024:2562

ALSA-2024:2568

ALSA-2024:2569

ALSA-2024:3265

ALSA-2024:4371

ALSA-2024:4378

ALSA-2024:4379

ALSA-2024:4502

ALSA-2024:4761

ALSA-2024:4762

ALSA-2024:5258

ALSA-2024:7262

ALSA-2025:7118

BDU:2024-02371

CESA-2024_1472

CESA-2024_1644

CESA-2024_1646

CESA-2024_3265

CESA-2024_5258

CESA-2024_7262

CVE-2024-1394

GHSA-78HX-GP6G-7MJ6

GO-2024-2660

INFSA-2024_2562

INFSA-2024_2568

INFSA-2024_2569

INFSA-2024_3265

INFSA-2024_4371

INFSA-2024_4378

INFSA-2024_4379

INFSA-2024_4502

INFSA-2024_4761

INFSA-2024_4762

INFSA-2024_5258

INFSA-2024_7262

INFSA-2025_7118

RHSA-2024:1462

RHSA-2024:1468

RHSA-2024:1472

RHSA-2024:1501

RHSA-2024:1502

RHSA-2024:1561

RHSA-2024:1563

RHSA-2024:1566

RHSA-2024:1567

RHSA-2024:1574

RHSA-2024:1640

RHSA-2024:1644

RHSA-2024:1646

RHSA-2024:1763

RHSA-2024:1897

RHSA-2024:2562

RHSA-2024:2568

RHSA-2024:2569

RHSA-2024:2729

RHSA-2024:2730

RHSA-2024:2767

RHSA-2024:3265

RHSA-2024:3352

RHSA-2024:4146

RHSA-2024:4371

RHSA-2024:4378

RHSA-2024:4379

RHSA-2024:4502

RHSA-2024:4581

RHSA-2024:4672

RHSA-2024:4761

RHSA-2024:4762

RHSA-2024:5258

RHSA-2024:5634

RHSA-2024:7262

RHSA-2024_1462

RHSA-2024_1472

RHSA-2024_1501

RHSA-2024_1502

RHSA-2024_1644

RHSA-2024_1646

RHSA-2024_2562

RHSA-2024_2568

RHSA-2024_2569

RHSA-2024_3265

RHSA-2024_4371

RHSA-2024_4378

RHSA-2024_4379

RHSA-2024_4502

RHSA-2024_4761

RHSA-2024_4762

RHSA-2024_5258

RHSA-2024_7262

RHSA-2025:7118

RHSA-2025_7118

RLSA-2024:1472

RLSA-2024:1502

RLSA-2024:1644

RLSA-2024:1646

RLSA-2024:2562

RLSA-2024:2568

RLSA-2024:2569

RLSA-2024:3265

RLSA-2024:4502

RLSA-2024:5258

RLSA-2024:7262

Affected Products

Almalinux

Centos

Golang

Red Hat

Rocky Linux

Zvirt Node

PT-2024-2419 · Golang+5 · Golang+5

CVE-2024-1394

Weakness Enumeration

Related Identifiers

Affected Products

References · 202