Headline
GHSA-prjq-f4q3-fvfr: gosaml2 is vulnerable to NULL Pointer Dereference
Impact
In versions prior to v0.7.0 it was possible for an attacker to supply an invalid assertion which would trigger a panic due to a nil-pointer dereference.
Patches
The issue was patched in v0.7.0, released on March 2, 2022.
Workarounds
Callers to gosaml2 can use recover() to handle panics to mitigate a potential DoS.
References
See issue #59 for details.
gosaml2 is vulnerable to NULL Pointer Dereference
High severity GitHub Reviewed Published Nov 15, 2022 in russellhaering/gosaml2 • Updated Nov 15, 2022
Package
gomod github.com/russellhaering/gosaml2 (Go)
Affected versions
< 0.7.0
Patched versions
0.7.0
Description
Impact
In versions prior to v0.7.0 it was possible for an attacker to supply an invalid assertion which would trigger a panic due to a nil-pointer dereference.
Patches
The issue was patched in v0.7.0, released on March 2, 2022.
Workarounds
Callers to gosaml2 can use recover() to handle panics to mitigate a potential DoS.
References
See issue #59 for details.
References
- GHSA-prjq-f4q3-fvfr
- russellhaering/gosaml2#59
- GHSA-gq5r-cc4w-g8xf
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
russellhaering published the maintainer security advisory
Nov 10, 2022
Severity
High
7.5
/ 10
CVSS base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses
CWE-476
CVE ID
CVE-2020-7731
GHSA ID
GHSA-prjq-f4q3-fvfr
Source code
russellhaering/gosaml2
Credits
- stevenjohnstone
Checking history
See something to contribute? Suggest improvements for this vulnerability.
Related news
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.