CVE-2009-3476
Shibboleth Service Provider 1.3.x < 1.3.4 and 2.x < 2.2.1 - Buffer Overflow via Malformed Encoded URL
Title source: llmDescription
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36870
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36514
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36869
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53471
Vendor Advisory x_refsource_confirm
http://shibboleth.internet2.edu/secadv/secadv_20090826.txt
Scores
EPSS
0.0410
EPSS Percentile
89.6%
Details
CWE
CWE-119
Status
published
Products (14)
internet2/opensaml
1.1
internet2/opensaml
1.1.1
internet2/shibboleth-sp
1.3.1
internet2/shibboleth-sp
1.3.2
internet2/shibboleth-sp
1.3.3
internet2/shibboleth-sp
1.3f
internet2/shibboleth-sp
2.0
internet2/shibboleth-sp
2.1
internet2/shibboleth-sp
2.2
internet2/xmltooling
1.0.1
... and 4 more
Published
Sep 29, 2009
Tracked Since
Feb 18, 2026