🔐 CVE Alert

CVE-2024-1394

HIGH 7.5

Golang-fips/openssl: memory leaks in code encrypting and decrypting RSA payloads

CVSS Score: 7.5
EPSS Score: 0.9%
EPSS Percentile: 75th

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.

CWE: CWE-401
Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.4 for RHEL 8
Published: Mar 21, 2024
Last Updated: Mar 26, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Affected Versions

Red Hat / Red Hat Ansible Automation Platform 2.4 for RHEL 8
All versions affected
Red Hat / Red Hat Ansible Automation Platform 2.4 for RHEL 9
All versions affected
Red Hat / Red Hat Developer Tools
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected
Red Hat / Red Hat OpenStack Platform 16.2
All versions affected
Red Hat / Red Hat OpenStack Platform 17.1 for RHEL 8
All versions affected
Red Hat / Red Hat OpenStack Platform 17.1 for RHEL 9
All versions affected
Red Hat / RHODF-4.16-RHEL-9
All versions affected
Red Hat / NBDE Tang Server
All versions affected
Red Hat / OpenShift Developer Tools and Services
All versions affected
Red Hat / OpenShift Pipelines
All versions affected
Red Hat / OpenShift Serverless
All versions affected
Red Hat / Red Hat Ansible Automation Platform 1.2
All versions affected
Red Hat / Red Hat Certification for Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Certification Program for Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4
All versions affected
Red Hat / Red Hat Openshift Container Storage 4
All versions affected
Red Hat / Red Hat OpenShift Dev Spaces
All versions affected
Red Hat / Red Hat OpenShift GitOps
All versions affected
Red Hat / Red Hat OpenShift on AWS
All versions affected
Red Hat / Red Hat OpenShift Virtualization 4
All versions affected
Red Hat / Red Hat OpenStack Platform 16.1
All versions affected
Red Hat / Red Hat OpenStack Platform 17.1
All versions affected
Red Hat / Red Hat OpenStack Platform 18.0
All versions affected
Red Hat / Red Hat Service Interconnect 1
All versions affected
Red Hat / Red Hat Software Collections
All versions affected
Red Hat / Red Hat Storage 3
All versions affected

References

access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1462
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1468
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1472
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1501
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1502
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1561
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1563
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1566
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1567
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1574
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1640
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1644
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1646
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1763
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1897
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2562
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2568
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2569
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2729
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2730
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2767
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3265
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3352
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4146
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4371
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4378
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4379
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4502
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4581
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4591
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4672
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4699
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4761
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4762
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4960
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5258
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5634
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:7262
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:7118
access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-1394
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2262921
github.com: https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136
github.com: https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6
github.com: https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f
pkg.go.dev: https://pkg.go.dev/vuln/GO-2024-2660
vuln.go.dev: https://vuln.go.dev/ID/GO-2024-2660.json

Credits

Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue.