Lucene search
Veracode Vulnerability DatabaseVERACODE:39585HistoryMar 08, 2023 - 4:12 a.m.
Denial Of Service (DoS)
2023-03-0804:12:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
denial of service
vulnerability
gosaml2
library
compression ratio
deflate
attacker
crash
malicious
requests
software
0.001 Low
EPSS
Percentile
44.9%
github.com/russellhaering/gosaml2 is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library does not limit the maximum compression ratio achievable with deflate, possibly allowing an attacker to cause the process to crash by sending maliciously crafted deflate-compress requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/russellhaering/gosaml2 | le | v0.8.1 | |
| github.com/russellhaering/gosaml2 | le | v0.8.1 |
Related
osv
osv
Denial of service via deflate decompression bomb in github.com/russellhaering/gosaml2
2023-03-03 17:17:54
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-02 23:12:47
CVE-2023-26483
2023-03-03 23:15:12
cvelist
cvelist
redhatcve
redhatcve
CVE-2023-26483
2023-03-09 00:14:19
prion
prion
Design/Logic Flaw
2023-03-03 23:15:00
nvd
nvd
CVE-2023-26483
2023-03-03 23:15:12
github
github
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-02 23:12:47
cve
cve
CVE-2023-26483
2023-03-03 23:15:12