goxmldsig Loop Variable Capture Vulnerability in Signature Validation

A vulnerability exists in goxmldsig versions through 1.5.0 within the signature validation process. The issue arises in the 'validateSignature' function, where the loop variable '_ref' is captured by reference instead of by value. This flaw can lead to incorrect processing of XML Digital Signatures, allowing an attacker to bypass integrity checks by manipulating signed elements. The vulnerability is present in Go versions prior to 1.22, or when 'go.mod' references an older version.

Impact

Exploitation of this vulnerability allows for bypassing integrity checks on signed elements, enabling the replacement of their content with that of another referenced element, potentially leading to unauthorized modifications being validated as legitimate.

Reproduction

To reproduce this vulnerability, create an XML document with a signature that references multiple elements. The 'validateSignature' function will incorrectly handle the references due to the loop variable capture issue, allowing for a valid signature to be generated by manipulating the content of the referenced elements.

Remediation

Update to goxmldsig version 1.6.0 or later, and modify the 'validateSignature' function to correctly capture loop variable values by using the index to reference the 'SignedInfo.References' slice.