CVE-2024-9355

Golang-fips: golang fips zeroed buffer

Description

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.

Remediation

Workaround:

  • Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Category

6.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com
Affected: Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support
Affected: Red Hat Satellite Client 6 for RHEL 8
Affected: Red Hat Satellite Client 6 for RHEL 9
Affected: Red Hat Streams for Apache Kafka 2.9.0
Affected: Red Hat NBDE Tang Server
Affected: Red Hat OpenShift Developer Tools and Services
Affected: Red Hat OpenShift Developer Tools and Services
Affected: Red Hat OpenShift Pipelines
Affected: Red Hat OpenShift Serverless
Affected: Red Hat Red Hat Ansible Automation Platform 1.2
Affected: Red Hat Red Hat Ansible Automation Platform 1.2
Affected: Red Hat Red Hat Ansible Automation Platform 2
Affected: Red Hat Red Hat Ansible Automation Platform 2
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 7
Affected: Red Hat Red Hat Enterprise Linux 7
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat OpenShift Container Platform 4
Affected: Red Hat Red Hat Openshift Container Storage 4
Affected: Red Hat Red Hat Openshift Data Foundation 4
Affected: Red Hat Red Hat OpenShift Dev Spaces
Affected: Red Hat Red Hat OpenShift GitOps
Affected: Red Hat Red Hat OpenShift on AWS
Affected: Red Hat Red Hat OpenShift Virtualization 4
Affected: Red Hat Red Hat OpenStack Platform 16.2
Affected: Red Hat Red Hat OpenStack Platform 16.2
Affected: Red Hat Red Hat OpenStack Platform 16.2
Affected: Red Hat Red Hat OpenStack Platform 16.2
Affected: Red Hat Red Hat OpenStack Platform 17.1
Affected: Red Hat Red Hat OpenStack Platform 17.1
Affected: Red Hat Red Hat OpenStack Platform 17.1
Affected: Red Hat Red Hat OpenStack Platform 17.1
Affected: Red Hat Red Hat Satellite 6
Affected: Red Hat Red Hat Satellite 6
Affected: Red Hat Red Hat Satellite 6
Affected: Red Hat Red Hat Satellite 6
Affected: Red Hat Red Hat Satellite 6
Affected: Red Hat Red Hat Satellite 6
Affected: Red Hat Red Hat Service Interconnect 1
Affected: Red Hat Red Hat Service Interconnect 1
Affected: Red Hat Red Hat Service Interconnect 1
Affected: Red Hat Red Hat Storage 3
Affected: Red Hat Red Hat Trusted Artifact Signer
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/errata/RHSA-2024:10133 vendor advisory
https://access.redhat.com/errata/RHSA-2024:7502 vendor advisory
https://access.redhat.com/errata/RHSA-2024:7550 vendor advisory
https://access.redhat.com/errata/RHSA-2024:8327 vendor advisory
https://access.redhat.com/errata/RHSA-2024:8678 vendor advisory
https://access.redhat.com/errata/RHSA-2024:8847 vendor advisory
https://access.redhat.com/errata/RHSA-2024:9551 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2416 vendor advisory
https://access.redhat.com/errata/RHSA-2025:7118 vendor advisory
https://access.redhat.com/errata/RHSA-2025:7256 vendor advisory
https://access.redhat.com/errata/RHSA-2025:7624 vendor advisory
https://access.redhat.com/security/cve/CVE-2024-9355 vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2315719 issue tracking

Frequently Asked Questions

What is the severity of CVE-2024-9355?
CVE-2024-9355 has been scored as a medium severity vulnerability.
How to fix CVE-2024-9355?
As a workaround for remediating CVE-2024-9355: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2024-9355 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-9355 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9355?
CVE-2024-9355 affects Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Satellite Client 6 for RHEL 8, Red Hat Satellite Client 6 for RHEL 9, Red Hat Streams for Apache Kafka 2.9.0, Red Hat NBDE Tang Server, Red Hat OpenShift Developer Tools and Services, Red Hat OpenShift Developer Tools and Services, Red Hat OpenShift Pipelines, Red Hat OpenShift Serverless, Red Hat Red Hat Ansible Automation Platform 1.2, Red Hat Red Hat Ansible Automation Platform 1.2, Red Hat Red Hat Ansible Automation Platform 2, Red Hat Red Hat Ansible Automation Platform 2, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat Openshift Container Storage 4, Red Hat Red Hat Openshift Data Foundation 4, Red Hat Red Hat OpenShift Dev Spaces, Red Hat Red Hat OpenShift GitOps, Red Hat Red Hat OpenShift on AWS, Red Hat Red Hat OpenShift Virtualization 4, Red Hat Red Hat OpenStack Platform 16.2, Red Hat Red Hat OpenStack Platform 16.2, Red Hat Red Hat OpenStack Platform 16.2, Red Hat Red Hat OpenStack Platform 16.2, Red Hat Red Hat OpenStack Platform 17.1, Red Hat Red Hat OpenStack Platform 17.1, Red Hat Red Hat OpenStack Platform 17.1, Red Hat Red Hat OpenStack Platform 17.1, Red Hat Red Hat Satellite 6, Red Hat Red Hat Satellite 6, Red Hat Red Hat Satellite 6, Red Hat Red Hat Satellite 6, Red Hat Red Hat Satellite 6, Red Hat Red Hat Satellite 6, Red Hat Red Hat Service Interconnect 1, Red Hat Red Hat Service Interconnect 1, Red Hat Red Hat Service Interconnect 1, Red Hat Red Hat Storage 3, Red Hat Red Hat Trusted Artifact Signer.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.