VYPR

rpm package

almalinux/osbuild-ostree

pkg:rpm/almalinux/osbuild-ostree

Vulnerabilities (3)

  • CVE-2024-9355MedOct 1, 2024
    affected < 141-1.el9.alma.1fixed 141-1.el9.alma.1

    A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when co

  • CVE-2024-34158HigSep 6, 2024
    affected < 141-1.el9.alma.1fixed 141-1.el9.alma.1

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

  • CVE-2024-1394HigMar 21, 2024
    affected < 141-1.el9.alma.1fixed 141-1.el9.alma.1

    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and