Crafted public RSA keys can cause a small memory leak when encrypting and verifying payloads. Triggered repeatedly, this leak can gradually be leveraged into a denial of service attack.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-2660" }
{ "imports": [ { "path": "github.com/golang-fips/openssl/v2", "symbols": [ "DecryptRSANoPadding", "DecryptRSAOAEP", "DecryptRSAPKCS1", "EncryptRSANoPadding", "EncryptRSAOAEP", "EncryptRSAPKCS1", "NewGCMTLS", "NewGCMTLS13", "NewRC4Cipher", "SignMarshalECDSA", "SignRSAPKCS1v15", "SignRSAPSS", "VerifyECDSA", "VerifyRSAPKCS1v15", "VerifyRSAPSS", "aesCipher.Decrypt", "aesCipher.Encrypt", "aesCipher.NewCBCDecrypter", "aesCipher.NewCBCEncrypter", "aesCipher.NewCTR", "aesCipher.NewGCM", "aesCipher.NewGCMTLS", "aesCipher.NewGCMTLS13", "desCipher.Decrypt", "desCipher.Encrypt", "desCipher.NewCBCDecrypter", "desCipher.NewCBCEncrypter", "desCipherWithoutCBC.Decrypt", "desCipherWithoutCBC.Encrypt", "newCipherCtx", "noGCM.Decrypt", "noGCM.Encrypt", "setupEVP" ] } ] }
{ "imports": [ { "path": "github.com/microsoft/go-crypto-openssl/openssl", "symbols": [ "DecryptRSANoPadding", "DecryptRSAOAEP", "DecryptRSAOAEPWithMGF1Hash", "DecryptRSAPKCS1", "EncryptRSANoPadding", "EncryptRSAOAEP", "EncryptRSAOAEPWithMGF1Hash", "EncryptRSAPKCS1", "SignMarshalECDSA", "SignRSAPKCS1v15", "SignRSAPSS", "VerifyECDSA", "VerifyRSAPKCS1v15", "VerifyRSAPSS", "setupEVP" ] } ] }