CVE-2020-7226
published 2020-01-24
Severity: high, 7.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | communications_services_gatekeeper | — | — |
| oracle | webcenter_sites | — | — |
| oracle | webcenter_sites | — | — |
| oracle | weblogic_server | — | — |
| oracle | weblogic_server | — | — |
| vt | cryptacular | < 1.1.4 | 1.1.4 |
| vt | cryptacular | >= 1.2.0 < 1.2.4 | 1.2.4 |