CVE-2024-9355
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-9355 is a vulnerability identified in Golang FIPS OpenSSL that affects certain products, allowing an attacker to exploit uninitialized buffer lengths and potentially manipulate hash comparisons. This flaw can lead to the generation of insecure derived keys and may have implications for the Go TLS stack, posing risks to data integrity and confidentiality within affected systems. To remediate this vulnerability, organizations should apply available patches and updates as outlined in related Red Hat advisories. The severity of this issue is rated as medium with a CVSS score of 6.5, indicating a significant risk if exploited, particularly due to the low privileges required for exploitation. It is essential for organizations utilizing affected products to prioritize this vulnerability in their security management practices.
Advisories, Assessments, and Mitigations