VYPR

OpenSSL

by Golang Fips

Source repositories

CVEs (2)

  • CVE-2024-1394HigMar 21, 2024
    risk 0.42cvss 7.5epss 0.02

    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are…

  • CVE-2024-9355MedOct 1, 2024
    risk 0.35cvss 6.5epss 0.00

    A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when…