| id: GO-2023-1602 |
| modules: |
| - module: github.com/russellhaering/gosaml2 |
| versions: |
| - fixed: 0.9.0 |
| vulnerable_at: 0.8.1 |
| packages: |
| - package: github.com/russellhaering/gosaml2 |
| symbols: |
| - SAMLServiceProvider.ValidateEncodedLogoutRequestPOST |
| - SAMLServiceProvider.validationContext |
| - SAMLServiceProvider.ValidateEncodedResponse |
| - maybeDeflate |
| - DecodeUnverifiedBaseResponse |
| - parseResponse |
| - DecodeUnverifiedLogoutResponse |
| - SAMLServiceProvider.ValidateEncodedLogoutResponsePOST |
| derived_symbols: |
| - SAMLServiceProvider.RetrieveAssertionInfo |
| summary: |- |
| Denial of service via deflate decompression bomb in |
| github.com/russellhaering/gosaml2 |
| description: |- |
| A bug in SAML authentication library can result in Denial of Service attacks. |
| |
| Attackers can craft a "deflate"-compressed request which will consume |
| significantly more memory during processing than the size of the original |
| request. This may eventually lead to memory exhaustion and the process being |
| killed. |
| cves: |
| - CVE-2023-26483 |
| ghsas: |
| - GHSA-6gc3-crp7-25w5 |
| references: |
| - advisory: https://github.com/advisories/GHSA-6gc3-crp7-25w5 |
| - fix: https://github.com/russellhaering/gosaml2/commit/f9d66040241093e8702649baff50cc70d2c683c0 |
| - web: https://github.com/russellhaering/gosaml2/releases/tag/v0.9.0 |
| review_status: REVIEWED |