Lucene search
PRIOn knowledge basePRION:CVE-2023-28119HistoryMar 22, 2023 - 8:15 p.m.
Design/Logic Flaw
2023-03-2220:15:00
PRIOn knowledge base
www.prio-n.com
5
design flaw
logic flaw
saml implementation
golang
http request
server-side processing
deflate algorithm
server crash
patched version 0.4.13
0.001 Low
EPSS
Percentile
47.5%
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package’s use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.
Related
cve
cve
CVE-2023-28119
2023-03-22 20:15:12
veracode
veracode
Denial Of Service (DoS)
2023-03-28 06:07:24
osv
osv
Denial of service via deflate compression bomb in github.com/crewjam/saml
2023-08-23 14:38:10
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-22 21:23:25
CVE-2023-28119
2023-03-22 20:15:12
nvd
nvd
CVE-2023-28119
2023-03-22 20:15:12
redhatcve
redhatcve
CVE-2023-28119
2023-03-24 13:07:55
CVE-2023-1387
2023-05-11 06:21:21
debiancve
debiancve
CVE-2023-28119
2023-03-22 20:15:12
ubuntucve
ubuntucve
CVE-2023-28119
2023-03-22 00:00:00
cvelist
cvelist
github
github
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-22 21:23:25
cgr
cgr
CVE-2023-28119 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
freebsd
freebsd
Grafana -- Exposure of sensitive information to an unauthorized actor
2023-04-26 00:00:00