Vulnerability Report: GO-2023-1602
- CVE-2023-26483, GHSA-6gc3-crp7-25w5
- Affects: github.com/russellhaering/gosaml2
- Published: Mar 03, 2023
- Modified: Dec 14, 2023
A bug in this SAML authentication library can result in denial-of-service attacks. An attacker can craft a "deflate"-compressed request that consumes significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-6gc3-crp7-25w5.
Affected Packages
- Versions: before v0.9.0
References
- https://github.com/advisories/GHSA-6gc3-crp7-25w5
- https://github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0
- https://github.com/russellhaering/gosaml2/releases/tag/v0.9.0
- https://vuln.go.dev/ID/GO-2023-1602.json