CVE-2025-46404

Опубликовано: 05 нояб. 2025

Источник: redhat

CVSS3: 4.3

EPSS Низкий

Описание

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1 and prior. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Отчет

This flaw describes an availability impact which is limited on Red Hat products to the active application.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 9	lasso	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=2412741lasso: Denial of service in Entr'ouvert Lasso

EPSS

Процентиль: 33%

0.00136

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-46404

CVSS3: 7.5

ubuntu

5 месяцев назад

CVE-2025-46404

CVSS3: 7.5

nvd

5 месяцев назад

CVE-2025-46404

CVSS3: 7.5

debian

5 месяцев назад

A denial of service vulnerability exists in the lasso_provider_verify_ ...

GHSA-2vvf-4m7q-pvpx

CVSS3: 9.6

github

5 месяцев назад

openSUSE-SU-2025:20083-1

suse-cvrf

5 месяцев назад

Security update for lasso

EPSS

Процентиль: 33%

0.00136

Низкий

4.3 Medium

CVSS3