Lucene search
Veracode Vulnerability DatabaseVERACODE:39970HistoryMar 28, 2023 - 6:07 a.m.
Denial Of Service (DoS)
2023-03-2806:07:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
vulnerability
github.com/crewjam/saml
dos attacks
flate.newreader
1 mb
data processing
0.001 Low
EPSS
Percentile
47.5%
github.com/crewjam/saml is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the flate.NewReader function because it allows users to pass more than 1 MB of data to the processing functions, which will be decompressed server-side. After repeating the request a number of times, the application will reliably crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/crewjam/saml | le | v0.4.12 | |
| github.com/crewjam/saml | le | v0.4.12 |
Related
cve
cve
CVE-2023-28119
2023-03-22 20:15:12
osv
osv
Denial of service via deflate compression bomb in github.com/crewjam/saml
2023-08-23 14:38:10
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-22 21:23:25
CVE-2023-28119
2023-03-22 20:15:12
nvd
nvd
CVE-2023-28119
2023-03-22 20:15:12
redhatcve
redhatcve
CVE-2023-28119
2023-03-24 13:07:55
CVE-2023-1387
2023-05-11 06:21:21
debiancve
debiancve
CVE-2023-28119
2023-03-22 20:15:12
prion
prion
Design/Logic Flaw
2023-03-22 20:15:00
ubuntucve
ubuntucve
CVE-2023-28119
2023-03-22 00:00:00
cvelist
cvelist
github
github
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
2023-03-22 21:23:25
cgr
cgr
CVE-2023-28119 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
freebsd
freebsd
Grafana -- Exposure of sensitive information to an unauthorized actor
2023-04-26 00:00:00