Vulnerability Report: GO-2023-1602

CVE-2023-26483, GHSA-6gc3-crp7-25w5
Affects: github.com/russellhaering/gosaml2
Published: Mar 03, 2023
Modified: May 20, 2024

A bug in SAML authentication library can result in Denial of Service attacks. Attackers can craft a "deflate"-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-6gc3-crp7-25w5.

Affected Packages

Path

Go Versions

Symbols
github.com/russellhaering/gosaml2

before v0.9.0
6 affected symbols

Aliases

CVE-2023-26483
GHSA-6gc3-crp7-25w5

References

https://github.com/advisories/GHSA-6gc3-crp7-25w5
https://github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0
https://github.com/russellhaering/gosaml2/releases/tag/v0.9.0
https://vuln.go.dev/ID/GO-2023-1602.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL