Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-28119HistoryMar 22, 2023 - 8:15 p.m.
CVE-2023-28119
2023-03-2220:15:12
Debian Security Bug Tracker
security-tracker.debian.org
9
0.001 Low
EPSS
Percentile
47.0%
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package’s use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | golang-github-crewjam-saml | <= 0.4.12-2 | golang-github-crewjam-saml_0.4.12-2_all.deb |
Related
osv
osv
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-22 21:23:25
Denial of service via deflate compression bomb in github.com/crewjam/saml
2023-08-23 14:38:10
CVE-2023-28119
2023-03-22 20:15:12
veracode
veracode
Denial Of Service (DoS)
2023-03-28 06:07:24
cve
cve
CVE-2023-28119
2023-03-22 20:15:12
prion
prion
Design/Logic Flaw
2023-03-22 20:15:00
redhatcve
redhatcve
CVE-2023-28119
2023-03-24 13:07:55
CVE-2023-1387
2023-05-11 06:21:21
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2023-28119
2023-03-22 00:00:00
github
github
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-22 21:23:25
cgr
cgr
CVE-2023-28119 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
freebsd
freebsd
Grafana -- Exposure of sensitive information to an unauthorized actor
2023-04-26 00:00:00