A memory leak flaw has been discovered in the Golang programming language, specifically within the RSA encrypting and decrypting code. Attackers can exploit this vulnerability to exhaust computing resources using attacker-controlled inputs. This issue resides in the github.com/golang-fips/openssl/openssl/rsa.go file at line 113, leaking objects pkey​ and ctx​.


Golang is a statically-typed, compiled programming language developed by Google. Its concurrency and memory safety features make it an ideal option for developing high-performance applications. However, Golang is not immune to security vulnerabilities, as evidenced by this newly discovered memory leak flaw.


The vulnerability is located in rsa.go, a file implementing RSA encryption and decryption functionality utilizing binding to OpenSSL's libcrypto library. The problem arises when the named return parameters are utilized to free pkey​ and ctx​ upon encountering an error during the context initialization or setting various properties. All error-related return statements follow the "return nil, nil, fail(...)" pattern, which results in both pkey​ and ctx​ being set to nil within the deferred function responsible for freeing these objects.

Code Snippet (github.com/golang-fips/openssl/openssl/rsa.go#L113)

func encryptOrDecrypt(ciphers []builtin, rsa *RSA, flen int, from, to *C.uchar, ignore []byte) (int, bool, error) {
  pkey := C.EVP_PKEY_new()
  if pkey == nil {
    return , false, fail("EVP_PKEY_new failed")
  defer C.EVP_PKEY_free(pkey)

  ctx := C.EVP_CIPHER_CTX_new()
  if ctx == nil {
    return , false, fail("EVP_CIPHER_CTX_new failed")
  defer C.EVP_CIPHER_CTX_free(ctx)

  // Remaining initialization and processing code...


An attacker can exploit this memory leak flaw by repeatedly sending specific attacker-controlled inputs, ultimately exhausting resources and causing a denial of service. As pkey​ and ctx​ are not being properly freed, they accumulate over time, consuming more memory than necessary.

Mitigation and Recommendations

Developers using Golang's RSA encrypting and decrypting code should apply a patch or update their Golang dependency to correct the memory leak. Additionally, they should monitor resources to detect any potential resource exhaustion attempts. Proper error handling should be implemented to ensure that leaked objects are released appropriately.

Original References

- Golang: https://golang.org/
- Golang-FIPS: https://github.com/golang-fips
- Vulnerable Code: https://github.com/golang-fips/openssl/blob/master/openssl/rsa.go#L113


While Golang is a powerful and efficient programming language, developers must remain vigilant and stay up to date on the latest security vulnerabilities to maintain the integrity of their applications. In the case of CVE-2024-1394, applying an appropriate patch or updating Golang dependencies can help prevent the memory leak flaw from causing a resource exhaustion vulnerability.


Published on: 03/21/2024 13:00:08 UTC
Last modified on: 03/26/2024 00:15:08 UTC