### [CVE-2024-1394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394)
![](https://img.shields.io/static/v1?label=Product&message=NBDE%20Tang%20Server&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Developer%20Tools%20and%20Services&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Pipelines&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%201.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.4%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.4%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Certification%20for%20Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Certification%20for%20Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Developer%20Tools&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.12&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Dev%20Spaces&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20GitOps&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Virtualization%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20on%20AWS&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Container%20Storage%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Data%20Foundation%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Service%20Interconnect%201&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Software%20Collections&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Storage%203&color=blue) 
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Release%20of%20Memory%20after%20Effective%20Lifetime&color=brighgreen)

### Description

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/NaInSec/CVE-LIST
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/fkie-cad/nvd-json-data-feeds
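
The named-return pattern from the Description, reduced to pure Go as an added example (not code from golang-fips/openssl): `handle`, `alloc`, `release`, `leaky`, `fixed` and `leaked` are hypothetical names, and a counter stands in for the C allocations behind pkey and ctx. The `fixed` variant is one way to avoid the leak, not necessarily the change made upstream.

```go
package main

import "fmt"

type handle struct{} // stands in for a C-allocated object (constructed for this example)

var live int // handles allocated and not yet released

func alloc() *handle { live++; return &handle{} }

// release frees every non-nil handle, but only when the call is failing.
func release(err error, hs ...*handle) {
	for _, h := range hs {
		if err != nil && h != nil {
			live--
		}
	}
}

// leaky: "return nil, nil, err" sets the named results to nil before the defer runs.
func leaky(fail bool) (pkey, ctx *handle, err error) {
	defer func() { release(err, pkey, ctx) }()
	pkey, ctx = alloc(), alloc()
	if fail {
		return nil, nil, fmt.Errorf("init failed")
	}
	return pkey, ctx, nil
}

// fixed: the handles stay in locals that a return statement cannot overwrite.
func fixed(fail bool) (_, _ *handle, err error) {
	pkey, ctx := alloc(), alloc()
	defer func() { release(err, pkey, ctx) }()
	if fail {
		return nil, nil, fmt.Errorf("init failed")
	}
	return pkey, ctx, nil
}

// leaked reports how many handles n failing calls of f leave allocated.
func leaked(f func(bool) (*handle, *handle, error), n int) int {
	live = 0
	for i := 0; i < n; i++ {
		f(true)
	}
	return live
}

func main() { fmt.Println(leaked(leaky, 1000), leaked(fixed, 1000)) }
```

Each failing call to `leaky` strands both handles, so the count grows linearly with the number of failing requests, which is the resource-exhaustion path the advisory describes.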