Name | CVE-2025-25293
Description | ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote denial of service (DoS) through compressed SAML responses. ruby-saml uses zlib to decompress SAML responses when they arrive compressed, but the message size check is applied to the compressed bytes rather than to the inflated result, so a small, highly compressible assertion passes the check and then inflates to a message far larger than the limit was meant to allow. Versions 1.12.4 and 1.18.0 fix the issue.
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References | DLA-4115-1
Debian Bugs | 1100441
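The bug class named in the description, shown as an added example (this is not ruby-saml's code, nor the code of the fix commits referenced further down): a size check applied to the compressed bytes lets a small, highly compressible payload through, whereas enforcing the same cap on the inflated output as it is produced rejects it before the full message is ever allocated. The cap value, the function names and the constructed payload are assumptions made for the example; the raw-DEFLATE-plus-base64 wrapping follows the SAML HTTP-Redirect binding.

```ruby
require "zlib"
require "base64"

# Hypothetical cap on the inflated message size for this example; it is not
# ruby-saml's own constant or check.
MAX_MESSAGE_BYTES = 250_000

class MessageTooLarge < StandardError; end

# Raw DEFLATE (RFC 1951), which is what the SAML HTTP-Redirect binding wraps
# in base64; the negative window-bits value tells zlib to omit its header.
def deflate_raw(data)
  deflater = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  begin
    deflater.deflate(data, Zlib::FINISH)
  ensure
    deflater.close
  end
end

# Constructed payload: 16 MiB of one repeated byte deflates to roughly
# 16 KiB, far below the cap, so a check on the compressed size passes it.
def build_bomb(inflated_size = 16 * 1024 * 1024)
  Base64.strict_encode64(deflate_raw("A" * inflated_size))
end

# The flaw the advisory describes: the size check runs on the compressed
# bytes, then the whole payload is inflated with no bound on the output.
def decode_checked_before_inflate(b64, max_bytes = MAX_MESSAGE_BYTES)
  compressed = Base64.strict_decode64(b64)
  raise MessageTooLarge, "#{compressed.bytesize} compressed bytes" if compressed.bytesize > max_bytes
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(compressed) # inflated size is never checked
end

# Bounded variant: Zlib::Inflate#inflate yields output in chunks when given
# a block, so the running inflated total is compared against the cap and the
# stream is abandoned as soon as it is exceeded, instead of allocating the
# entire inflated message first.
def decode_bounded(b64, max_bytes = MAX_MESSAGE_BYTES)
  compressed = Base64.strict_decode64(b64)
  raise MessageTooLarge, "#{compressed.bytesize} compressed bytes" if compressed.bytesize > max_bytes

  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new(capacity: [compressed.bytesize * 4, max_bytes].min)
  begin
    inflater.inflate(compressed) do |chunk|
      out << chunk
      if out.bytesize > max_bytes
        raise MessageTooLarge,
              "inflated past #{max_bytes} bytes after #{inflater.total_in} compressed bytes"
      end
    end
    # A stream that never reached its end marker is malformed, not just small.
    raise Zlib::DataError, "truncated DEFLATE stream" unless inflater.finished?
  ensure
    inflater.close
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  bomb = build_bomb
  puts "payload on the wire: #{bomb.bytesize} bytes (cap #{MAX_MESSAGE_BYTES})"
  puts "check-before-inflate accepted #{decode_checked_before_inflate(bomb).bytesize} inflated bytes"
  begin
    decode_bounded(bomb)
  rescue MessageTooLarge => e
    puts "bounded decoder rejected it: #{e.message}"
  end
end
```

The pre-inflate check on its own is still worth keeping, since it rejects oversized inputs cheaply before any zlib work; the point is that it is not sufficient, because DEFLATE can expand input by roughly three orders of magnitude, and only a bound on the produced output limits the memory an attacker can make the service allocate.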
The table below lists information on source packages.
Source Package | Release | Version | Status
---|---|---|---
ruby-saml (PTS) | bullseye | 1.11.0-1 | vulnerable
ruby-saml (PTS) | bullseye (security) | 1.11.0-1+deb11u2 | fixed
ruby-saml (PTS) | bookworm, bookworm (security) | 1.13.0-1+deb12u1 | vulnerable
ruby-saml (PTS) | sid, trixie | 1.17.0-1 | vulnerable
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
---|---|---|---|---|---|---
ruby-saml | source | bullseye | 1.11.0-1+deb11u2 | | DLA-4115-1 |
ruby-saml | source | (unstable) | (unfixed) | | | 1100441
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
The vulnerability may be the result of an incomplete fix for an earlier zip-bomb issue (the v1.12.0 and v1.13.0 changes below); v1.12.4 and v1.18.0 carry the follow-up fix.
https://github.com/SAML-Toolkits/ruby-saml/pull/383 (v1.12.0)
https://github.com/SAML-Toolkits/ruby-saml/commit/533c84ebfc40f8cbac645b6c76ce4949f95d27d6 (v1.12.0)
https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1 (v1.12.4)
https://github.com/SAML-Toolkits/ruby-saml/pull/601 (v1.13.0..v1.18.0)
https://github.com/SAML-Toolkits/ruby-saml/commit/c21d6935b43a032701d99e398cbfc551e80bfb72 (v1.13.0)
https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (v1.18.0)