CVE-2024-9355: Unchecked Cgo Hmac Return
The return value of an underlying C HMAC function (e.g., HMAC_Update, HMAC_Final) is not checked. If this function fails, the error is ignored and execution proceeds, potentially returning an uninitialized or zero-filled buffer instead of a valid HMAC sum. Always check the return value of cgo cryptographic functions to prevent falling back to zero-filled buffers.
greprules fetch cve-2024-9355-unchecked-cgo-hmac-return --engine opengrep
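The pattern this rule targets, beside its checked form, as an added Go example that is not part of the rule or of the affected code. hmacFinal is a hypothetical pure-Go stand-in for the cgo call (so the example runs without OpenSSL) that follows HMAC_Final's convention of 1 on success and 0 on failure; the function names and the fail flag are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrHMAC is returned when the underlying call reports failure.
var ErrHMAC = errors.New("hmac: underlying C call failed")

// hmacFinal is a hypothetical stand-in for a cgo call such as C.HMAC_Final.
// Like the OpenSSL function it returns 1 on success and 0 on failure; on
// failure it leaves out untouched. fail simulates the C-side error.
func hmacFinal(key, msg, out []byte, fail bool) int {
	if fail {
		return 0
	}
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	copy(out, m.Sum(nil))
	return 1
}

// SumUnchecked is the flagged pattern: the status is discarded, so a failed
// call hands the caller the still zero-filled buffer as if it were a MAC.
func SumUnchecked(key, msg []byte, fail bool) []byte {
	out := make([]byte, sha256.Size)
	hmacFinal(key, msg, out, fail) // return value ignored
	return out
}

// SumChecked is the fix: any status other than 1 becomes a Go error and no
// buffer is returned.
func SumChecked(key, msg []byte, fail bool) ([]byte, error) {
	out := make([]byte, sha256.Size)
	if hmacFinal(key, msg, out, fail) != 1 {
		return nil, ErrHMAC
	}
	return out, nil
}

func main() {
	key, msg := []byte("constructed-key"), []byte("constructed message")
	fmt.Printf("unchecked, failing call: %x\n", SumUnchecked(key, msg, true))
	_, err := SumChecked(key, msg, true)
	fmt.Println("checked, failing call:", err)
}
```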