CVE-2009-3476

Shibboleth Service Provider 1.3.x < 1.3.4 and 2.x < 2.2.1 - Buffer Overflow via Malformed Encoded URL

Title source: llm
STIX 2.1

Description

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36870
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36514
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36869
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53471

Scores

EPSS 0.0410
EPSS Percentile 89.6%

Details

CWE
CWE-119
Status published
Products (14)
internet2/opensaml 1.1
internet2/opensaml 1.1.1
internet2/shibboleth-sp 1.3.1
internet2/shibboleth-sp 1.3.2
internet2/shibboleth-sp 1.3.3
internet2/shibboleth-sp 1.3f
internet2/shibboleth-sp 2.0
internet2/shibboleth-sp 2.1
internet2/shibboleth-sp 2.2
internet2/xmltooling 1.0.1
... and 4 more
Published Sep 29, 2009
Tracked Since Feb 18, 2026