Vulnerabilities > CVE-2020-7731 - NULL Pointer Dereference vulnerability in Gosaml2 Project Gosaml2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

gosaml2-project

CWE-476

NVD

Published: 2021-04-30

Updated: 2023-03-10

Summary

This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

Vulnerable Configurations

Part	Description	Count
Application	Gosaml2_Project Gosaml2 Project Gosaml2 *	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
https://github.com/russellhaering/gosaml2/issues/59
https://github.com/russellhaering/gosaml2/releases/tag/v0.7.0