Vulnerabilities > CVE-2020-7711 - NULL Pointer Dereference vulnerability in Goxmldsig Project Goxmldsig

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

goxmldsig-project

CWE-476

NVD

Published: 2020-08-23

Updated: 2020-08-27

Summary

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

Vulnerable Configurations

Part	Description	Count
Application	Goxmldsig_Project Goxmldsig Project Goxmldsig *	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/russellhaering/goxmldsig/issues/48
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOXMLDSIG-608301