CVE-2024-9355

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 1, 2024
Updated: Oct 3, 2024
CWE ID 457

Summary

CVE-2024-9355 is a vulnerability in Golang FIPS OpenSSL that affects certain products. It allows an attacker to exploit uninitialized buffer lengths and potentially manipulate hash comparisons. The flaw can lead to the generation of insecure derived keys and may have implications for the Go TLS stack, putting data integrity and confidentiality at risk on affected systems. To remediate the vulnerability, organizations should apply the available patches and updates as outlined in the related Red Hat advisories. The issue is rated medium, with a CVSS score of 6.5, and poses a significant risk if exploited, particularly because exploitation requires only low privileges. Organizations using affected products should prioritize this vulnerability in their security management practices.
