Описание
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.4 (исключая)Версия от 1.2.0 (включая) до 1.2.4 (исключая)
Одно из
cpe:2.3:a:vt:cryptacular:*:*:*:*:*:*:*:*
cpe:2.3:a:vt:cryptacular:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03282
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 7.5
redhat
около 6 лет назад
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
EPSS
Процентиль: 87%
0.03282
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-770