CVE-2020-7711 — NULL Pointer Dereference in Russellhaering Goxmldsig

CWE-476 — NULL Pointer Dereference12 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Russellhaering Goxmldsig Github.com Russellhaering Gosaml2

Timeline

PublishedAug 23

Latest updateNov 15

Description

This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5github.com/russellhaering_goxmldsig< unspecified

▶Gogithub.com/russellhaering_goxmldsig< 1.1.1

▶Gogithub.com/russellhaering_gosaml2< 0.7.0

🔴Vulnerability Details

OSV

github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference↗2022-11-15

▶

OSV

goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures↗2022-10-07

▶

GHSA

goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures↗2022-10-07

▶

OSV

Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures↗2021-06-23

▶

OSV

Panic due to malformed XML digital signature in github.com/russellhaering/goxmldsig↗2021-04-14

▶

📋Vendor Advisories

Red Hat

goxmldsig: sending malformed XML signatures could result in a crash↗2020-08-14

▶

Debian

CVE-2020-7711: golang-github-russellhaering-goxmldsig - This affects all versions of package github.com/russellhaering/goxmldsig. There ...↗2020

▶

💬Community

Bugzilla

CVE-2020-7711 goxmldsig: sending malformed XML signatures could result in a crash↗2020-08-24

▶

Bugzilla

CVE-2020-7711 golang-github-russellhaering-goxmldsig: goxmldsig: sending malformed XML signatures could result in a crash [fedora-all]↗2020-08-24

▶