DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2023-28119

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-28119

CGA ID

CGA-crwm-vx7g-3vq8

Severity

7.5

High

CVSS V3

Description

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.

References

  • https://images.chainguard.dev/security/CGA-crwm-vx7g-3vq8

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images