CVE-2024-9355 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-9355 Interim 1 19 2026-03-05T02:55:13Z current 2024-10-03T23:24:37Z 2026-03-05T02:55:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-9355 A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/suse-liberty-linux-updates/2024-October/000111.html E-Mail link for RHSA-2024:7502 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2024-October/000108.html E-Mail link for RHSA-2024:7550 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2024-October/000150.html E-Mail link for RHSA-2024:8327 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2024-October/000159.html E-Mail link for RHSA-2024:8678 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2024-November/000193.html E-Mail link for RHSA-2024:8847 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-May/001295.html E-Mail link for RHSA-2025:7256 https://lists.suse.com/pipermail/sle-security-updates/2024-November/019776.html E-Mail link for SUSE-SU-2024:3911-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3GBL6IN35EDC2YQIKBPTX7XQQ67KRPAM/ E-Mail link for openSUSE-SU-2024:0350-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XTEQAM75LF5DZCFX3MOH4IT3DWP5ZTL6/ E-Mail link for openSUSE-SU-2024:14447-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE SUSE Liberty Linux 8 SUSE Liberty Linux 9 SUSE Linux Enterprise Server 16.0 openSUSE Tumbleweed delve-1.21.2-4.module+el8.10.0+22329+6cd5c9c6 git-lfs-3.6.1-1.el9 go-toolset-1.21.13-1.module+el8.10.0+22329+6cd5c9c6 go-toolset-1.21.13-4.el9_4 golang-1.21.13-3.module+el8.10.0+22345+acdd8d0e golang-1.21.13-4.el9_4 golang-bin-1.21.13-3.module+el8.10.0+22345+acdd8d0e golang-bin-1.21.13-4.el9_4 golang-docs-1.21.13-3.module+el8.10.0+22345+acdd8d0e golang-docs-1.21.13-4.el9_4 golang-misc-1.21.13-3.module+el8.10.0+22345+acdd8d0e golang-misc-1.21.13-4.el9_4 golang-src-1.21.13-3.module+el8.10.0+22345+acdd8d0e golang-src-1.21.13-4.el9_4 golang-tests-1.21.13-3.module+el8.10.0+22345+acdd8d0e golang-tests-1.21.13-4.el9_4 govulncheck-vulndb-0.0.20241030T212825-1.1 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 grafana-9.2.10-19.el9_4 grafana-9.2.10-20.el8_10 grafana-pcp-5.1.1-9.el8_10 grafana-selinux-9.2.10-19.el9_4 grafana-selinux-9.2.10-20.el8_10 less-633-3.1 less-633-3.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:latest less-633-3.1 as a component of Container suse/sl-micro/6.0/toolbox:latest less-633-3.1 as a component of Image SL-Micro less-633-3.1 as a component of Image SL-Micro-Base less-633-3.1 as a component of Image SL-Micro-Base-RT less-633-3.1 as a component of Image SL-Micro-Base-RT-SelfInstall less-633-3.1 as a component of Image SL-Micro-Base-RT-encrypted less-633-3.1 as a component of Image SL-Micro-Base-SelfInstall less-633-3.1 as a component of Image SL-Micro-Base-encrypted less-633-3.1 as a component of Image SL-Micro-Base-qcow less-633-3.1 as a component of Image SL-Micro-Default less-633-3.1 as a component of Image SL-Micro-Default-SelfInstall less-633-3.1 as a component of Image SL-Micro-Default-encrypted less-633-3.1 as a component of Image SL-Micro-Default-qcow less-633-3.1 as a component of Image SLE-Micro less-633-3.1 as a component of Image SLE-Micro-Azure less-633-3.1 as a component of Image SLE-Micro-BYOS less-633-3.1 as a component of Image SLE-Micro-BYOS-Azure less-633-3.1 as a component of Image SLE-Micro-BYOS-EC2 less-633-3.1 as a component of Image SLE-Micro-BYOS-GCE less-633-3.1 as a component of Image SLE-Micro-EC2 less-633-3.1 as a component of Image SLE-Micro-GCE delve-1.21.2-4.module+el8.10.0+22329+6cd5c9c6 as a component of SUSE Liberty Linux 8 go-toolset-1.21.13-1.module+el8.10.0+22329+6cd5c9c6 as a component of SUSE Liberty Linux 8 golang-1.21.13-3.module+el8.10.0+22345+acdd8d0e as a component of SUSE Liberty Linux 8 golang-bin-1.21.13-3.module+el8.10.0+22345+acdd8d0e as a component of SUSE Liberty Linux 8 golang-docs-1.21.13-3.module+el8.10.0+22345+acdd8d0e as a component of SUSE Liberty Linux 8 golang-misc-1.21.13-3.module+el8.10.0+22345+acdd8d0e as a component of SUSE Liberty Linux 8 golang-src-1.21.13-3.module+el8.10.0+22345+acdd8d0e as a component of SUSE Liberty Linux 8 golang-tests-1.21.13-3.module+el8.10.0+22345+acdd8d0e as a component of SUSE Liberty Linux 8 grafana-9.2.10-20.el8_10 as a component of SUSE Liberty Linux 8 grafana-pcp-5.1.1-9.el8_10 as a component of SUSE Liberty Linux 8 grafana-selinux-9.2.10-20.el8_10 as a component of SUSE Liberty Linux 8 git-lfs-3.6.1-1.el9 as a component of SUSE Liberty Linux 9 go-toolset-1.21.13-4.el9_4 as a component of SUSE Liberty Linux 9 golang-1.21.13-4.el9_4 as a component of SUSE Liberty Linux 9 golang-bin-1.21.13-4.el9_4 as a component of SUSE Liberty Linux 9 golang-docs-1.21.13-4.el9_4 as a component of SUSE Liberty Linux 9 golang-misc-1.21.13-4.el9_4 as a component of SUSE Liberty Linux 9 golang-src-1.21.13-4.el9_4 as a component of SUSE Liberty Linux 9 golang-tests-1.21.13-4.el9_4 as a component of SUSE Liberty Linux 9 grafana-9.2.10-19.el9_4 as a component of SUSE Liberty Linux 9 grafana-selinux-9.2.10-19.el9_4 as a component of SUSE Liberty Linux 9 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 govulncheck-vulndb-0.0.20241030T212825-1.1 as a component of openSUSE Tumbleweed A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. CVE-2024-9355 Container suse/sl-micro/6.0/baremetal-os-container:latest:less-633-3.1 Container suse/sl-micro/6.0/toolbox:latest:less-633-3.1 Image SL-Micro:less-633-3.1 Image SL-Micro-Base:less-633-3.1 Image SL-Micro-Base-RT:less-633-3.1 Image SL-Micro-Base-RT-SelfInstall:less-633-3.1 Image SL-Micro-Base-RT-encrypted:less-633-3.1 Image SL-Micro-Base-SelfInstall:less-633-3.1 Image SL-Micro-Base-VMware:less-633-3.1 Image SL-Micro-Base-encrypted:less-633-3.1 Image SL-Micro-Base-qcow:less-633-3.1 Image SL-Micro-Default:less-633-3.1 Image SL-Micro-Default-SelfInstall:less-633-3.1 Image SL-Micro-Default-VMware:less-633-3.1 Image SL-Micro-Default-encrypted:less-633-3.1 Image SL-Micro-Default-qcow:less-633-3.1 Image SLE-Micro:less-633-3.1 Image SLE-Micro-Azure:less-633-3.1 Image SLE-Micro-BYOS:less-633-3.1 Image SLE-Micro-BYOS-Azure:less-633-3.1 Image SLE-Micro-BYOS-EC2:less-633-3.1 Image SLE-Micro-BYOS-GCE:less-633-3.1 Image SLE-Micro-EC2:less-633-3.1 Image SLE-Micro-GCE:less-633-3.1 SUSE Liberty Linux 8:delve-1.21.2-4.module+el8.10.0+22329+6cd5c9c6 SUSE Liberty Linux 8:go-toolset-1.21.13-1.module+el8.10.0+22329+6cd5c9c6 SUSE Liberty Linux 8:golang-1.21.13-3.module+el8.10.0+22345+acdd8d0e SUSE Liberty Linux 8:golang-bin-1.21.13-3.module+el8.10.0+22345+acdd8d0e SUSE Liberty Linux 8:golang-docs-1.21.13-3.module+el8.10.0+22345+acdd8d0e SUSE Liberty Linux 8:golang-misc-1.21.13-3.module+el8.10.0+22345+acdd8d0e SUSE Liberty Linux 8:golang-src-1.21.13-3.module+el8.10.0+22345+acdd8d0e SUSE Liberty Linux 8:golang-tests-1.21.13-3.module+el8.10.0+22345+acdd8d0e SUSE Liberty Linux 8:grafana-9.2.10-20.el8_10 SUSE Liberty Linux 8:grafana-pcp-5.1.1-9.el8_10 SUSE Liberty Linux 8:grafana-selinux-9.2.10-20.el8_10 SUSE Liberty Linux 9:git-lfs-3.6.1-1.el9 SUSE Liberty Linux 9:go-toolset-1.21.13-4.el9_4 SUSE Liberty Linux 9:golang-1.21.13-4.el9_4 SUSE Liberty Linux 9:golang-bin-1.21.13-4.el9_4 SUSE Liberty Linux 9:golang-docs-1.21.13-4.el9_4 SUSE Liberty Linux 9:golang-misc-1.21.13-4.el9_4 SUSE Liberty Linux 9:golang-src-1.21.13-4.el9_4 SUSE Liberty Linux 9:golang-tests-1.21.13-4.el9_4 SUSE Liberty Linux 9:grafana-9.2.10-19.el9_4 SUSE Liberty Linux 9:grafana-selinux-9.2.10-19.el9_4 SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241030T212825-1.1 moderate