Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures

GHSA-gq5r-cc4w-g8xf · CVE-2020-7711 · CVE-2020-7731 · GHSA-mqqv-chpx-vq25 · GHSA-prjq-f4q3-fvfr · GO-2020-0046

Published Jun 23, 2021 · Modified Mar 14, 2026

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.

Original Description

This affects all versions less than 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on null pointer dereference caused by sending malformed XML signatures.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-7731
WEB https://github.com/russellhaering/gosaml2/issues/59
WEB https://github.com/russellhaering/goxmldsig/issues/48
WEB https://github.com/russellhaering/gosaml2/pull/90
WEB https://github.com/russellhaering/gosaml2/commit/66e3b7affd622b8b24ea1e18845f045e46b23424
PACKAGE https://github.com/russellhaering/gosaml2
WEB https://github.com/russellhaering/gosaml2/releases/tag/v0.7.0
WEB https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes