5 matches found
CVE-2023-26483
A flaw was found in the gosaml2 package library. This issue may allow attackers to craft a deflate-compressed request, which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed...
CVE-2023-26483
creationtimestamp| type| source ---|---|--- 2023-03-04 02:35:50+00:00| seen| https://t.me/cibsecurity/59421 2025-02-25 15:23:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5304...
CVE-2023-26483
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memor...
CVE-2023-26483 gosaml2 vulnerable to Denial of Service via deflate decompression bomb
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memor...
CVE-2023-26483
CVE-2023-26483 affects the Go library gosaml2 (SAML 2.0 implementation). A bug allows attackers to craft a deflate-compressed request that can consume memory far beyond the original size, potentially causing memory exhaustion and process termination (a deflate decompression bomb). The maximal obs...