Bug 1954383 (CVE-2020-7731)

Summary: CVE-2020-7731 russellhaering/gosaml2: Null pointer dereference via malformed XML signatures allows for denial of service
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-04 10:46:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1954384    

Description Sam Fowler 2021-04-28 04:16:10 UTC 
Affected versions of github.com/russellhaering/gosaml2 are vulnerable to Denial of Service (DoS). There is a crash on nil-pointer dereference caused by sending malformed XML signatures.


References:

https://github.com/russellhaering/gosaml2/issues/59
https://stevenjohnstone.net/posts/snyk/
Comment 1 Sam Fowler 2021-05-04 06:00:53 UTC 
Mitigated by fix in dependency gosaml2's dependency, github.com/beevik/etree:

https://github.com/beevik/etree/commit/4a2f8b9d084c5fffa2fe44a73bd8efaf7dcda53a
Comment 4 Sam Fowler 2021-05-04 06:05:29 UTC 
External Reference:

https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
Comment 5 Product Security DevOps Team 2021-05-04 10:46:36 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-7731