How severe is CVE-2024-1394?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-1394?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2024-1394 - HIGH Severity | CVSS 7.5

Vulnerability Description

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.

Related Vulnerabilities

CVE-2016-4232

HIGH

CVSS:7.5(High)

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory v...

CWE-4012016

CVE-2016-6304

HIGH

CVSS:7.5(High)

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status ...

CWE-4012016

CVE-2017-7654

HIGH

CVSS:7.5(High)

In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of servi...

CWE-4012017

CVE-2018-11246

HIGH

CVSS:7.5(High)

K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.

CWE-4012018

CVE-2018-13844

HIGH

CVSS:7.5(High)

An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users w...

CWE-4012018

CVE-2018-17240

HIGH

CVSS:7.5(High)

There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., user...

CWE-4012018