CVE-2024-9355

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 1, 2024

Updated: Oct 4, 2024

CWE ID 457

Summary

CVE-2024-9355 identifies a vulnerability in Golang FIPS OpenSSL that can lead to the return of an uninitialized buffer length variable and may allow attackers to manipulate HMAC comparisons and produce predictable key outputs. Affected products include any utilizing Golang's FIPS mode, which could potentially impact the Go TLS stack. The flaw has a medium severity rating, with a CVSS base score of 6.5, indicating high integrity and confidentiality impacts with low availability implications. To remediate this issue, organizations should apply the relevant updates provided by their software vendors as soon as possible. If exploited, this vulnerability poses significant risks to data integrity and security within affected applications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database