GO-2026-4760 CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2

CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2...

GO-2023-1602 Denial of service via deflate decompression bomb in github.com/russellhaering/gosaml2

A bug in SAML authentication library can result in Denial of Service attacks. Attackers can craft a "deflate"-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process bein...

GHSA-MQQV-CHPX-VQ25 goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures

This affects all versions of package github.com/russellhaering/goxmldsig prior to 1.1.1. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. This issue is patched in version 1.1.1...

GHSA-XHQQ-X44F-9FGG Authentication Bypass in github.com/russellhaering/gosaml2

Impact Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed. Depending on the implementation of the Service Provider this enables a variety of attacks, including users...

github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass

Impact With a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. Patches A patch is available, all users of goxmldsig should upgrade to v1.1.0. For more information If you have any questions or comments about this...

Null pointer dereference

This affects all versions 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...

CVE-2020-7731

The CVE-2020-7731 issue affects github.com/russellhaering/gosaml2 versions prior to 0.7.0, causing a nil-pointer dereference when processing malformed XML signatures. The vulnerability is fixed in v0.7.0 (released Mar 2, 2022). Remediation: upgrade to 0.7.0 or later. Workarounds mentioned in rela...

CVE-2020-7731 Denial of Service (DoS)

This affects all versions 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...

GO-2021-0060 Authentication bypass in github.com/russellhaering/gosaml2

Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed...

GO-2020-0050 XML digital signature validation bypass in github.com/russellhaering/goxmldsig

Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed...

[SECURITY] Fedora 32 Update: golang-github-russellhaering-goxmldsig-1.1.0-1.fc32

Pure Go implementation of XML Digital Signatures...

Fedora 32 : golang-github-russellhaering-goxmldsig (2021-9316ee2948)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9316ee2948 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...

Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-a2a7673da2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-9316ee2948)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 33 : golang-github-russellhaering-goxmldsig (2021-a2a7673da2)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-a2a7673da2 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...

Denial Of Service (DoS)

github.com/russellhaering/goxmldsig is vulnerable to denial of service. A NULL pointer dereference allows an attacker to crash the application with a malicious input...

CVE-2020-7711

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...

CVE-2020-7711

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...

CVE-2020-7711

CVE-2020-7711 affects gosaml2 prior to 0.7.0 and goxmldsig prior to 1.1.1. The underlying issue is a nil-pointer dereference when validating malformed XML Digital Signatures, leading to crashes (potential DoS). Remediation per the connected documents: upgrade gosaml2 to 0.7.0+ and goxmldsig to 1....

CVE-2020-7711

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...