CVE-2024-9355: Google Golang Security Vulnerability

CVSS 6.5 · Medium EPSS 0.30% · P21

Affected Version Matrix (124)

| Vendor | Product | Version range | Status |
| --- | --- | --- | --- |
| None | None | All | affected |
| Red Hat | NBDE Tang Server | All | affected |
| Red Hat | OpenShift Developer Tools and Services | All | affected |
| | | All | affected |
| Red Hat | OpenShift Pipelines | All | affected |
| Red Hat | OpenShift Serverless | All | affected |
| Red Hat | Red Hat Ansible Automation Platform 1.2 | All | affected |
| | | All | affected |
| Red Hat | Red Hat Ansible Automation Platform 2 | All | affected |
| | | All | affected |
| Red Hat | Red Hat Enterprise Linux 10 | All | unaffected |
| | | All | unaffected |
| | | All | unaffected |
| | | All | unaffected |
| | | All | unaffected |
| | | All | unaffected |
| | | All | unaffected |
| | | All | unaffected |
| | | … +10 more | |
| Red Hat | Red Hat Enterprise Linux 7 | All | affected |
| | | All | affected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:0.10-2.el7_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8100020241001112709.a3795dee < * | unaffected |
| | | 0:9.2.10-20.el8_10 < * | unaffected |
| | | 0:5.1.1-9.el8_10 < * | unaffected |
| | | All | affected |
| | | All | affected |
| | | All | affected |
| | | All | affected |
| | | All | affected |
| | | … +7 more | |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.21.13-4.el9_4 < * | unaffected |
| | | 0:9.2.10-19.el9_4 < * | unaffected |
| | | 0:132-1.el9 < * | unaffected |
| | | 0:3.6.1-1.el9 < * | unaffected |
| | | All | affected |
| | | All | affected |
| | | All | unaffected |
| | | All | affected |
| | | … +10 more | |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:5.1.1-4.el9_4 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4 | All | affected |
| | | All | affected |
| | | All | unaffected |
| | | All | affected |
| | | All | affected |
| | | All | unaffected |
| | | All | affected |
| | | All | affected |
| | | … +22 more | |
| Red Hat | Red Hat Openshift Container Storage 4 | All | affected |
| Red Hat | Red Hat Openshift Data Foundation 4 | All | affected |
| Red Hat | Red Hat OpenShift Dev Spaces | All | unaffected |
| Red Hat | Red Hat OpenShift GitOps | All | affected |
| Red Hat | Red Hat OpenShift on AWS | All | affected |
| Red Hat | Red Hat OpenShift Virtualization 4 | All | affected |
| Red Hat | Red Hat OpenStack Platform 16.2 | All | affected |
| | | All | affected |
| | | All | affected |
| | | All | affected |
| Red Hat | Red Hat OpenStack Platform 17.1 | All | affected |
| | | All | affected |
| | | All | affected |
| | | All | affected |
| Red Hat | Red Hat Satellite 6 | All | unaffected |
| | | All | unaffected |
| | | All | affected |
| | | All | affected |
| | | All | affected |
| | | All | affected |
| Red Hat | Red Hat Service Interconnect 1 | All | affected |
| | | All | unaffected |
| | | All | affected |
| Red Hat | Red Hat Storage 3 | All | affected |
| Red Hat | Red Hat Trusted Artifact Signer | All | affected |
| Red Hat | Satellite Client 6 for RHEL 10 | 0:0.3.1-1.el10sat < * | unaffected |
| Red Hat | Satellite Client 6 for RHEL 8 | 0:0.3.1-1.el8sat < * | unaffected |
| Red Hat | Satellite Client 6 for RHEL 9 | 0:0.3.1-1.el9sat < * | unaffected |
| Red Hat | Streams for Apache Kafka 2.9.0 | All | unaffected |

I. Basic Information for CVE-2024-9355

Vulnerability Information

Vulnerability Title
Golang-fips: golang fips zeroed buffer
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Use of Uninitialized Variable
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Google Golang Security Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
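Google Golang is a statically and strongly typed, compiled language from Google (USA). Go's syntax is close to that of C, but differs in how variables are declared. Go supports garbage collection. Go's concurrency model is based on Tony Hoare's Communicating Sequential Processes (CSP); other languages that adopt a similar model include Occam and Limbo, but it also has features of the Pi calculus, such as channel passing. Plugin support was opened up in version 1.8, which means that some functions can now be loaded dynamically from Go. Google Golang has a security vulnerability that stems from allowing a malicious user, in FIPS mode, to randomly cause an uninitialized buffer length variable with a zeroed
Source: China National Vulnerability Database of Information Security (CNNVD)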
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)

Affected Products

| Vendor | Product | Affected versions | CPE |
| --- | --- | --- | --- |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:0.10-2.el7_9 ~ * | cpe:/o:redhat:rhel_els:7 |
| Red Hat | Red Hat Enterprise Linux 8 | 8100020241001112709.a3795dee ~ * | cpe:/a:redhat:enterprise_linux:8::appstream |
| Red Hat | Red Hat Enterprise Linux 8 | 0:9.2.10-20.el8_10 ~ * | cpe:/a:redhat:enterprise_linux:8::appstream |
| Red Hat | Red Hat Enterprise Linux 8 | 0:5.1.1-9.el8_10 ~ * | cpe:/a:redhat:enterprise_linux:8::appstream |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.21.13-4.el9_4 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9 | 0:9.2.10-19.el9_4 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9 | 0:132-1.el9 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9 | 0:3.6.1-1.el9 ~ * | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:5.1.1-4.el9_4 ~ * | cpe:/a:redhat:rhel_eus:9.4::appstream |
| Red Hat | Satellite Client 6 for RHEL 10 | 0:0.3.1-1.el10sat ~ * | cpe:/a:redhat:rhel_satellite_client:6::el10 |
| Red Hat | Satellite Client 6 for RHEL 8 | 0:0.3.1-1.el8sat ~ * | cpe:/a:redhat:rhel_satellite_client:6::el10 |
| Red Hat | Satellite Client 6 for RHEL 9 | 0:0.3.1-1.el9sat ~ * | cpe:/a:redhat:rhel_satellite_client:6::el10 |
| Red Hat | Streams for Apache Kafka 2.9.0 | - | cpe:/a:redhat:amq_streams:2 |
| Red Hat | NBDE Tang Server | - | cpe:/a:redhat:network_bound_disk_encryption_tang:1 |
| Red Hat | OpenShift Developer Tools and Services | - | cpe:/a:redhat:ocp_tools |
| Red Hat | OpenShift Developer Tools and Services | - | cpe:/a:redhat:ocp_tools |
| Red Hat | OpenShift Pipelines | - | cpe:/a:redhat:openshift_pipelines:1 |
| Red Hat | OpenShift Serverless | - | cpe:/a:redhat:serverless:1 |
| Red Hat | Red Hat Ansible Automation Platform 1.2 | - | cpe:/a:redhat:ansible_automation_platform |
| Red Hat | Red Hat Ansible Automation Platform 1.2 | - | cpe:/a:redhat:ansible_automation_platform |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 |
| Red Hat | Red Hat Ansible Automation Platform 2 | - | cpe:/a:redhat:ansible_automation_platform:2 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat Openshift Container Storage 4 | - | cpe:/a:redhat:openshift_container_storage:4 |
| Red Hat | Red Hat Openshift Data Foundation 4 | - | cpe:/a:redhat:openshift_data_foundation:4 |
| Red Hat | Red Hat OpenShift Dev Spaces | - | cpe:/a:redhat:openshift_devspaces:3 |
| Red Hat | Red Hat OpenShift GitOps | - | cpe:/a:redhat:openshift_gitops:1 |
| Red Hat | Red Hat OpenShift on AWS | - | cpe:/a:redhat:openshift_service_on_aws:1 |
| Red Hat | Red Hat OpenShift Virtualization 4 | - | cpe:/a:redhat:container_native_virtualization:4 |
| Red Hat | Red Hat OpenStack Platform 16.2 | - | cpe:/a:redhat:openstack:16.2 |
| Red Hat | Red Hat OpenStack Platform 16.2 | - | cpe:/a:redhat:openstack:16.2 |
| Red Hat | Red Hat OpenStack Platform 16.2 | - | cpe:/a:redhat:openstack:16.2 |
| Red Hat | Red Hat OpenStack Platform 16.2 | - | cpe:/a:redhat:openstack:16.2 |
| Red Hat | Red Hat OpenStack Platform 17.1 | - | cpe:/a:redhat:openstack:17.1 |
| Red Hat | Red Hat OpenStack Platform 17.1 | - | cpe:/a:redhat:openstack:17.1 |
| Red Hat | Red Hat OpenStack Platform 17.1 | - | cpe:/a:redhat:openstack:17.1 |
| Red Hat | Red Hat OpenStack Platform 17.1 | - | cpe:/a:redhat:openstack:17.1 |
| Red Hat | Red Hat Satellite 6 | - | cpe:/a:redhat:satellite:6 |
| Red Hat | Red Hat Satellite 6 | - | cpe:/a:redhat:satellite:6 |
| Red Hat | Red Hat Satellite 6 | - | cpe:/a:redhat:satellite:6 |
| Red Hat | Red Hat Satellite 6 | - | cpe:/a:redhat:satellite:6 |
| Red Hat | Red Hat Satellite 6 | - | cpe:/a:redhat:satellite:6 |
| Red Hat | Red Hat Satellite 6 | - | cpe:/a:redhat:satellite:6 |
| Red Hat | Red Hat Service Interconnect 1 | - | cpe:/a:redhat:service_interconnect:1 |
| Red Hat | Red Hat Service Interconnect 1 | - | cpe:/a:redhat:service_interconnect:1 |
| Red Hat | Red Hat Service Interconnect 1 | - | cpe:/a:redhat:service_interconnect:1 |
| Red Hat | Red Hat Storage 3 | - | cpe:/a:redhat:storage:3 |
| Red Hat | Red Hat Trusted Artifact Signer | - | cpe:/a:redhat:trusted_artifact_signer:1 |

II. Public PoCs for CVE-2024-9355

No public PoC found.

III. Intelligence Information for CVE-2024-9355

CVE-2024-9355 Patches and Fixes (1)

CVE-2024-9355 Vendor Security Advisories (9)

IV. Related Vulnerabilities

V. Comments for CVE-2024-9355

No comments yet.