CVE-2024-1394 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-1394 Interim 1 13 2025-08-06T01:06:08Z current 2024-03-23T00:10:33Z 2025-08-06T01:06:08Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-1394 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Liberty Linux 9 aardvark-dns-1.10.0-1.module+el8.10.0+22202+761b9a65 buildah-1.33.7-3.el9_4 buildah-1.33.8-4.module+el8.10.0+22202+761b9a65 buildah-tests-1.33.7-3.el9_4 buildah-tests-1.33.8-4.module+el8.10.0+22202+761b9a65 cockpit-podman-84.1-1.module+el8.10.0+22202+761b9a65 conmon-2.1.10-1.module+el8.10.0+22202+761b9a65 container-selinux-2.229.0-2.module+el8.10.0+22202+761b9a65 containernetworking-plugins-1.4.0-4.el9_4 containernetworking-plugins-1.4.0-5.module+el8.10.0+22202+761b9a65 containers-common-1-82.module+el8.10.0+22202+761b9a65 crit-3.18-5.module+el8.10.0+22202+761b9a65 criu-3.18-5.module+el8.10.0+22202+761b9a65 criu-devel-3.18-5.module+el8.10.0+22202+761b9a65 criu-libs-3.18-5.module+el8.10.0+22202+761b9a65 crun-1.14.3-2.module+el8.10.0+22202+761b9a65 delve-1.20.2-1.module+el8.9.0+18926+5193682d fuse-overlayfs-1.13-1.module+el8.10.0+22202+761b9a65 go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6 go-toolset-1.21.9-2.el9_4 golang-1.20.12-3.module+el8.9.0+21528+703c3aa2 golang-1.21.9-2.el9_4 golang-bin-1.20.12-3.module+el8.9.0+21528+703c3aa2 golang-bin-1.21.9-2.el9_4 golang-docs-1.20.12-3.module+el8.9.0+21528+703c3aa2 golang-docs-1.21.9-2.el9_4 golang-misc-1.20.12-3.module+el8.9.0+21528+703c3aa2 golang-misc-1.21.9-2.el9_4 golang-src-1.20.12-3.module+el8.9.0+21528+703c3aa2 golang-src-1.21.9-2.el9_4 golang-tests-1.20.12-3.module+el8.9.0+21528+703c3aa2 golang-tests-1.21.9-2.el9_4 grafana-9.2.10-16.el8_10 grafana-9.2.10-16.el9_4 grafana-pcp-5.1.1-2.el8_9 grafana-pcp-5.1.1-2.el9_4 grafana-selinux-9.2.10-16.el8_10 grafana-selinux-9.2.10-16.el9_4 gvisor-tap-vsock-0.7.3-4.el9_4 libslirp-4.4.0-2.module+el8.10.0+22202+761b9a65 libslirp-devel-4.4.0-2.module+el8.10.0+22202+761b9a65 netavark-1.10.3-1.module+el8.10.0+22202+761b9a65 oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+22202+761b9a65 podman-4.9.4-12.module+el8.10.0+22202+761b9a65 podman-4.9.4-5.el9_4 podman-catatonit-4.9.4-12.module+el8.10.0+22202+761b9a65 podman-docker-4.9.4-12.module+el8.10.0+22202+761b9a65 podman-docker-4.9.4-5.el9_4 podman-gvproxy-4.9.4-12.module+el8.10.0+22202+761b9a65 podman-plugins-4.9.4-12.module+el8.10.0+22202+761b9a65 podman-plugins-4.9.4-5.el9_4 podman-remote-4.9.4-12.module+el8.10.0+22202+761b9a65 podman-remote-4.9.4-5.el9_4 podman-tests-4.9.4-12.module+el8.10.0+22202+761b9a65 podman-tests-4.9.4-5.el9_4 python3-criu-3.18-5.module+el8.10.0+22202+761b9a65 python3-podman-4.9.0-2.module+el8.10.0+22202+761b9a65 runc-1.1.12-3.el9_4 runc-1.1.12-4.module+el8.10.0+22202+761b9a65 skopeo-1.14.3-3.el9_4 skopeo-1.14.5-3.module+el8.10.0+22202+761b9a65 skopeo-tests-1.14.3-3.el9_4 skopeo-tests-1.14.5-3.module+el8.10.0+22202+761b9a65 slirp4netns-1.2.3-1.module+el8.10.0+22202+761b9a65 toolbox-0.0.99.5-2.module+el8.10.0+22202+761b9a65 toolbox-tests-0.0.99.5-2.module+el8.10.0+22202+761b9a65 udica-0.2.6-21.module+el8.10.0+22202+761b9a65 aardvark-dns-1.10.0-1.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 buildah-1.33.8-4.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 buildah-tests-1.33.8-4.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 cockpit-podman-84.1-1.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 conmon-2.1.10-1.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 container-selinux-2.229.0-2.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 containernetworking-plugins-1.4.0-5.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 containers-common-1-82.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 crit-3.18-5.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 criu-3.18-5.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 criu-devel-3.18-5.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 criu-libs-3.18-5.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 crun-1.14.3-2.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 delve-1.20.2-1.module+el8.9.0+18926+5193682d as a component of SUSE Liberty Linux 8 fuse-overlayfs-1.13-1.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6 as a component of SUSE Liberty Linux 8 golang-1.20.12-3.module+el8.9.0+21528+703c3aa2 as a component of SUSE Liberty Linux 8 golang-bin-1.20.12-3.module+el8.9.0+21528+703c3aa2 as a component of SUSE Liberty Linux 8 golang-docs-1.20.12-3.module+el8.9.0+21528+703c3aa2 as a component of SUSE Liberty Linux 8 golang-misc-1.20.12-3.module+el8.9.0+21528+703c3aa2 as a component of SUSE Liberty Linux 8 golang-src-1.20.12-3.module+el8.9.0+21528+703c3aa2 as a component of SUSE Liberty Linux 8 golang-tests-1.20.12-3.module+el8.9.0+21528+703c3aa2 as a component of SUSE Liberty Linux 8 grafana-9.2.10-16.el8_10 as a component of SUSE Liberty Linux 8 grafana-pcp-5.1.1-2.el8_9 as a component of SUSE Liberty Linux 8 grafana-selinux-9.2.10-16.el8_10 as a component of SUSE Liberty Linux 8 libslirp-4.4.0-2.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 libslirp-devel-4.4.0-2.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 netavark-1.10.3-1.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 podman-4.9.4-12.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 podman-catatonit-4.9.4-12.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 podman-docker-4.9.4-12.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 podman-gvproxy-4.9.4-12.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 podman-plugins-4.9.4-12.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 podman-remote-4.9.4-12.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 podman-tests-4.9.4-12.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 python3-criu-3.18-5.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 python3-podman-4.9.0-2.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 runc-1.1.12-4.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 skopeo-1.14.5-3.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 skopeo-tests-1.14.5-3.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 slirp4netns-1.2.3-1.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 toolbox-0.0.99.5-2.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 toolbox-tests-0.0.99.5-2.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 udica-0.2.6-21.module+el8.10.0+22202+761b9a65 as a component of SUSE Liberty Linux 8 buildah-1.33.7-3.el9_4 as a component of SUSE Liberty Linux 9 buildah-tests-1.33.7-3.el9_4 as a component of SUSE Liberty Linux 9 containernetworking-plugins-1.4.0-4.el9_4 as a component of SUSE Liberty Linux 9 go-toolset-1.21.9-2.el9_4 as a component of SUSE Liberty Linux 9 golang-1.21.9-2.el9_4 as a component of SUSE Liberty Linux 9 golang-bin-1.21.9-2.el9_4 as a component of SUSE Liberty Linux 9 golang-docs-1.21.9-2.el9_4 as a component of SUSE Liberty Linux 9 golang-misc-1.21.9-2.el9_4 as a component of SUSE Liberty Linux 9 golang-src-1.21.9-2.el9_4 as a component of SUSE Liberty Linux 9 golang-tests-1.21.9-2.el9_4 as a component of SUSE Liberty Linux 9 grafana-9.2.10-16.el9_4 as a component of SUSE Liberty Linux 9 grafana-pcp-5.1.1-2.el9_4 as a component of SUSE Liberty Linux 9 grafana-selinux-9.2.10-16.el9_4 as a component of SUSE Liberty Linux 9 gvisor-tap-vsock-0.7.3-4.el9_4 as a component of SUSE Liberty Linux 9 podman-4.9.4-5.el9_4 as a component of SUSE Liberty Linux 9 podman-docker-4.9.4-5.el9_4 as a component of SUSE Liberty Linux 9 podman-plugins-4.9.4-5.el9_4 as a component of SUSE Liberty Linux 9 podman-remote-4.9.4-5.el9_4 as a component of SUSE Liberty Linux 9 podman-tests-4.9.4-5.el9_4 as a component of SUSE Liberty Linux 9 runc-1.1.12-3.el9_4 as a component of SUSE Liberty Linux 9 skopeo-1.14.3-3.el9_4 as a component of SUSE Liberty Linux 9 skopeo-tests-1.14.3-3.el9_4 as a component of SUSE Liberty Linux 9 A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them. CVE-2024-1394 SUSE Liberty Linux 8:aardvark-dns-1.10.0-1.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:buildah-1.33.8-4.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:buildah-tests-1.33.8-4.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:cockpit-podman-84.1-1.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:conmon-2.1.10-1.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:container-selinux-2.229.0-2.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:containernetworking-plugins-1.4.0-5.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:containers-common-1-82.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:crit-3.18-5.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:criu-3.18-5.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:criu-devel-3.18-5.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:criu-libs-3.18-5.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:crun-1.14.3-2.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:delve-1.20.2-1.module+el8.9.0+18926+5193682d SUSE Liberty Linux 8:fuse-overlayfs-1.13-1.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6 SUSE Liberty Linux 8:golang-1.20.12-3.module+el8.9.0+21528+703c3aa2 SUSE Liberty Linux 8:golang-bin-1.20.12-3.module+el8.9.0+21528+703c3aa2 SUSE Liberty Linux 8:golang-docs-1.20.12-3.module+el8.9.0+21528+703c3aa2 SUSE Liberty Linux 8:golang-misc-1.20.12-3.module+el8.9.0+21528+703c3aa2 SUSE Liberty Linux 8:golang-src-1.20.12-3.module+el8.9.0+21528+703c3aa2 SUSE Liberty Linux 8:golang-tests-1.20.12-3.module+el8.9.0+21528+703c3aa2 SUSE Liberty Linux 8:grafana-9.2.10-16.el8_10 SUSE Liberty Linux 8:grafana-pcp-5.1.1-2.el8_9 SUSE Liberty Linux 8:grafana-selinux-9.2.10-16.el8_10 SUSE Liberty Linux 8:libslirp-4.4.0-2.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:libslirp-devel-4.4.0-2.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:netavark-1.10.3-1.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:oci-seccomp-bpf-hook-1.2.10-1.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:podman-4.9.4-12.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:podman-catatonit-4.9.4-12.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:podman-docker-4.9.4-12.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:podman-gvproxy-4.9.4-12.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:podman-plugins-4.9.4-12.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:podman-remote-4.9.4-12.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:podman-tests-4.9.4-12.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:python3-criu-3.18-5.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:python3-podman-4.9.0-2.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:runc-1.1.12-4.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:skopeo-1.14.5-3.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:skopeo-tests-1.14.5-3.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:slirp4netns-1.2.3-1.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:toolbox-0.0.99.5-2.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:toolbox-tests-0.0.99.5-2.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 8:udica-0.2.6-21.module+el8.10.0+22202+761b9a65 SUSE Liberty Linux 9:buildah-1.33.7-3.el9_4 SUSE Liberty Linux 9:buildah-tests-1.33.7-3.el9_4 SUSE Liberty Linux 9:containernetworking-plugins-1.4.0-4.el9_4 SUSE Liberty Linux 9:go-toolset-1.21.9-2.el9_4 SUSE Liberty Linux 9:golang-1.21.9-2.el9_4 SUSE Liberty Linux 9:golang-bin-1.21.9-2.el9_4 SUSE Liberty Linux 9:golang-docs-1.21.9-2.el9_4 SUSE Liberty Linux 9:golang-misc-1.21.9-2.el9_4 SUSE Liberty Linux 9:golang-src-1.21.9-2.el9_4 SUSE Liberty Linux 9:golang-tests-1.21.9-2.el9_4 SUSE Liberty Linux 9:grafana-9.2.10-16.el9_4 SUSE Liberty Linux 9:grafana-pcp-5.1.1-2.el9_4 SUSE Liberty Linux 9:grafana-selinux-9.2.10-16.el9_4 SUSE Liberty Linux 9:gvisor-tap-vsock-0.7.3-4.el9_4 SUSE Liberty Linux 9:podman-4.9.4-5.el9_4 SUSE Liberty Linux 9:podman-docker-4.9.4-5.el9_4 SUSE Liberty Linux 9:podman-plugins-4.9.4-5.el9_4 SUSE Liberty Linux 9:podman-remote-4.9.4-5.el9_4 SUSE Liberty Linux 9:podman-tests-4.9.4-5.el9_4 SUSE Liberty Linux 9:runc-1.1.12-3.el9_4 SUSE Liberty Linux 9:skopeo-1.14.3-3.el9_4 SUSE Liberty Linux 9:skopeo-tests-1.14.3-3.el9_4 important