CVE-2009-3476Improper Restriction of Operations within the Bounds of a Memory Buffer in Opensaml

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
1.8%
top 17.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Internet2 OpensamlInternet2 Shibboleth-spXmltooling Project Xmltooling+1 more
Timeline
PublishedSep 29
Latest updateMay 2

Description

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages6 packages

Debianinternet2/shibboleth-sp< 3.0.2+dfsg1-2+3
NVDinternet2/shibboleth-sp7 versions+6
Debianinternet2/opensaml< 3.0.0-2+3
NVDinternet2/opensaml1.1, 1.1.1+1
NVDinternet2/xmltooling5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-hvmf-6hr8-vcpv: Buffer overflow in OpenSAML before 12022-05-02
OSV
CVE-2009-3476: Buffer overflow in OpenSAML before 12009-09-29
CVEList
CVE-2009-3476: Buffer overflow in OpenSAML before 12009-09-29

📋Vendor Advisories

1
Debian
CVE-2009-3476: opensaml - Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service...2009
CVE-2009-3476 — Internet2 Opensaml vulnerability | cvebase