Description

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.

INFO

Published Date :

2024-10-01T18:17:29.420Z

Last Modified :

2026-04-30T16:33:24.121Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9355 vulnerability.

Vendors Products
Redhat
  • Amq Streams
  • Ansible Automation Platform
  • Container Native Virtualization
  • Enterprise Linux
  • Network Bound Disk Encryption Tang
  • Ocp Tools
  • Openshift
  • Openshift Container Storage
  • Openshift Data Foundation
  • Openshift Devspaces
  • Openshift Gitops
  • Openshift Pipelines
  • Openshift Service On Aws
  • Openstack
  • Rhel Els
  • Rhel Eus
  • Rhel Satellite Client
  • Satellite
  • Serverless
  • Service Interconnect
  • Storage
  • Trusted Artifact Signer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9355.

URL Resource
https://access.redhat.com/errata/RHSA-2024:10133 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:7502 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:7550 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8327 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8678 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:8847 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9551 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2416 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7118 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7256 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7624 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-9355 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2315719 cve-icon cve-icon
https://github.com/golang-fips/openssl/pull/198 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-9355 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-9355 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact