CVE-2024-9355

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-457
View all →

Vulnerability Description

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.

Related Vulnerabilities

CVE-2022-2308

MEDIUM
CVSS:6.5(Medium)

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE use...

CWE-4572022

CVE-2024-32625

MEDIUM
CVSS:5.8(Medium)

In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations

CWE-4572024

CVE-2019-1010317

MEDIUM
CVSS:5.5(Medium)

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). ...

CWE-4572019

CVE-2019-1010319

MEDIUM
CVSS:5.5(Medium)

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:21...

CWE-4572019

CVE-2021-44003

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while par...

CWE-4572021