CVE-2021-39171
Denial-of-service vulnerability in passport-saml (npm)

Category: Denial-of-service. Known public exploit: none.

What is CVE-2021-39171 About?

This vulnerability is a Denial-of-Service (DoS) in SAML payload processing: a malicious SAML payload can consume significant system resources while the transforms it declares are applied. This resource exhaustion results in reduced or denied service. The attack is relatively easy for anyone who can submit or influence SAML payloads sent to the affected system.

Affected Software

passport-saml <3.1.0

Technical Details

The vulnerability arises during the processing of SAML payloads, specifically when too many transforms are applied. A malicious SAML payload can be crafted to require an excessive number of transformations (for example, XML transformations or canonicalization). Each transform consumes computational resources (CPU and memory). By raising the number of required transforms beyond reasonable limits, an attacker can force the system to dedicate significant resources to processing the payload, leading to resource exhaustion, slow responses, or complete denial of service. The fix limits the number of allowable transforms to 2, indicating that more than two transforms could trigger this DoS condition.
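The following is an added example, not code from passport-saml or from this advisory's author. It shows a defensive pre-check a service could run on an inbound SAML response before handing it to the signature library: it counts the `Transform` elements declared under each `Reference` in the XML signature and rejects the document if any reference exceeds the same limit of 2 that the 3.1.0 fix enforces. The function names and the two sample responses are constructed for this example; the transform algorithm URIs are the standard XML-DSig ones.

```javascript
// Added example (not passport-saml's own code). A coarse, regex-based guard
// that limits the number of <Transform> elements per <Reference> in a SAML
// response's XML signature. It is defence in depth in front of the upgrade to
// passport-saml 3.1.0, not a replacement for it: it does not parse XML and
// will not catch every malformed document.

const MAX_TRANSFORMS = 2; // the limit the 3.1.0 fix applies

// Count <Transform ...> start tags (any namespace prefix, or none) inside the
// text of one <Reference> element. `Transform\b` deliberately does not match
// the enclosing <Transforms> container.
function countTransforms(referenceXml) {
  const transformTag = /<(?:[\w.-]+:)?Transform\b[^>]*>/g;
  return (referenceXml.match(transformTag) || []).length;
}

// Extract every <Reference>...</Reference> block from the document.
function referenceBlocks(xml) {
  const re = /<(?:[\w.-]+:)?Reference\b[^>]*>[\s\S]*?<\/(?:[\w.-]+:)?Reference>/g;
  return xml.match(re) || [];
}

// Returns { ok: true, references } when every reference is within the limit,
// otherwise { ok: false, transforms, reason } describing the first offender.
function checkTransformCount(xml, max = MAX_TRANSFORMS) {
  const refs = referenceBlocks(xml);
  for (const ref of refs) {
    const n = countTransforms(ref);
    if (n > max) {
      return {
        ok: false,
        transforms: n,
        reason: `reference declares ${n} transforms, limit is ${max}`,
      };
    }
  }
  return { ok: true, references: refs.length };
}

// Constructed sample: a typical signed response using the usual two transforms
// (enveloped-signature followed by exclusive canonicalization).
const SAMPLE_OK = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#_assertion">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
      </ds:Reference>
    </ds:SignedInfo>
  </ds:Signature>
</samlp:Response>`;

// Constructed sample: the same structure with a third transform, which the
// guard rejects.
const SAMPLE_TOO_MANY = SAMPLE_OK.replace(
  '</ds:Transforms>',
  '  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n        </ds:Transforms>'
);

// Example wiring: run the guard on a request body before passport-saml sees it.
function guardSamlResponse(decodedXml) {
  const result = checkTransformCount(decodedXml);
  if (!result.ok) {
    // Log for detection: repeated rejections from one source are worth alerting on.
    console.warn(`rejected SAML response: ${result.reason}`);
  }
  return result.ok;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('benign sample accepted:', guardSamlResponse(SAMPLE_OK));
  console.log('oversized sample accepted:', guardSamlResponse(SAMPLE_TOO_MANY));
}

module.exports = { MAX_TRANSFORMS, countTransforms, referenceBlocks, checkTransformCount, guardSamlResponse, SAMPLE_OK, SAMPLE_TOO_MANY };
```

In a passport-saml deployment the decoded `SAMLResponse` form field would be passed to `guardSamlResponse` in a middleware ahead of the strategy, and rejections logged with the client address so that a burst of oversized payloads shows up in monitoring. Because the check is string-based it is cheap, which is the point: the cost is paid before any transform is executed.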

What is the Impact of CVE-2021-39171?

Successful exploitation may allow attackers to disrupt service availability by causing applications to become unresponsive or degrade performance, leading to a denial of service.

What is the Exploitability of CVE-2021-39171?

Exploitation requires the ability to submit or influence a SAML payload to the vulnerable application. The complexity is low, primarily involving crafting a SAML payload with an excessive number of transforms. Authentication requirements depend on whether the SAML endpoint is accessible to unauthenticated users or requires prior authentication to interact with the SAML flow. There are no specific privilege requirements beyond the ability to initiate a SAML authentication request. It can be a remote exploit if the SAML endpoint is internet-accessible. The critical condition is that the SAML implementation does not adequately limit the number of transformations processed per payload.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2021-39171?

Available Upgrade Options

  • passport-saml
    • <3.1.0 → Upgrade to 3.1.0


Additional Resources

What are Similar Vulnerabilities to CVE-2021-39171?

Similar Vulnerabilities: CVE-2021-35517, CVE-2022-21680, CVE-2022-21446, CVE-2021-44228, CVE-2022-0778