gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb

🗓️ 02 Mar 2023 23:12:47Reported by GitHub Advisory DatabaseType

github

github🔗 github.com👁 23 Views

SAML Service Providers Vulnerable to DoS via Deflate Bomb

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-26483	4 Mar 202302:35	–	circl
CNNVD	gosaml2 安全漏洞	3 Mar 202300:00	–	cnnvd
CVE	CVE-2023-26483	3 Mar 202322:02	–	cve
Cvelist	CVE-2023-26483 gosaml2 vulnerable to Denial of Service via deflate decompression bomb	3 Mar 202322:02	–	cvelist
EUVD	EUVD-2023-0904	3 Oct 202520:07	–	euvd
NVD	CVE-2023-26483	3 Mar 202323:15	–	nvd
OSV	CVE-2023-26483 gosaml2 vulnerable to Denial of Service via deflate decompression bomb	3 Mar 202322:02	–	osv
OSV	GHSA-6GC3-CRP7-25W5 gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb	2 Mar 202323:12	–	osv
OSV	GO-2023-1602 Denial of service via deflate decompression bomb in github.com/russellhaering/gosaml2	3 Mar 202317:17	–	osv
Prion	Design/Logic Flaw	3 Mar 202323:15	–	prion

Vulners

Node

russellhaering gosaml2Range<0.9.0go

Source	Link
github	www.github.com/russellhaering/gosaml2/security/advisories/GHSA-6gc3-crp7-25w5
github	www.github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0
github	www.github.com/russellhaering/gosaml2/releases/tag/v0.9.0
pkg	www.pkg.go.dev/vuln/GO-2023-1602
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-26483
github	www.github.com/advisories/GHSA-6gc3-crp7-25w5

20 May 2024 21:49Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

EPSS0.00591

SSVC

saml dos vulnerable compression memory exhaustion gosaml2 mitigation concurrency garbage collector patches