CVE-2023-26483
Denial of service via deflate decompression bomb in github.com/russellhaering/gosaml2
Severity: 5.3 MEDIUM (CVSS 3.1) | EPSS 0.59%
Description
A bug in the SAML authentication library gosaml2 can result in Denial of Service attacks. Attackers can craft a "deflate"-compressed request that consumes significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed.
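As an added example that is not part of this advisory or of gosaml2's own code, the following Go program shows the defensive pattern for this class of bug: inflating a raw-deflate SAML payload through a size-capped reader so that a tiny compressed request cannot force an unbounded allocation. The function and helper names, the 1 MiB cap and the sample payloads are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when the inflated data would exceed the cap.
var ErrTooLarge = errors.New("inflated data exceeds size limit")

// inflateBounded (hypothetical name) inflates a raw-deflate payload but
// refuses to produce more than maxOut bytes, so a small compressed input
// cannot drive memory use far beyond the size of the request itself.
func inflateBounded(compressed []byte, maxOut int64) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	// Read at most one byte past the cap: if that byte arrives, the payload
	// is oversized and we stop without inflating the rest.
	out, err := io.ReadAll(io.LimitReader(r, maxOut+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxOut {
		return nil, ErrTooLarge
	}
	return out, nil
}

// deflateBytes is a helper that produces the raw-deflate form of data.
func deflateBytes(data []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

func main() {
	// Constructed inputs: a small SAML-like message and a highly compressible
	// payload that inflates to 32 MiB from only a few tens of KB.
	small := deflateBytes([]byte("<samlp:AuthnRequest ID=\"_x\"/>"))
	bomb := deflateBytes(make([]byte, 32<<20))
	const limit = 1 << 20 // assumed cap: 1 MiB of inflated SAML per request

	_, err := inflateBounded(small, limit)
	fmt.Println("small request:", err) // <nil>
	_, err = inflateBounded(bomb, limit)
	fmt.Printf("bomb (%d compressed bytes): %v\n", len(bomb), err) // inflated data exceeds size limit
}
```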
How to fix CVE-2023-26483
To remediate CVE-2023-26483, upgrade the affected package to a fixed version below.
- github.com/russellhaering/gosaml2: upgrade to 0.9.0 or later
Is CVE-2023-26483 being exploited?
Low: EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- github.com/russellhaering/gosaml2: all versions from 0 up to, but not including, 0.9.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.3) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |