CVE-2025-46705

Опубликовано: 05 нояб. 2025

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Отчет

This flaw describes an availability impact which is limited on Red Hat products to the active application.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 9	lasso	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-617

https://bugzilla.redhat.com/show_bug.cgi?id=2412740lasso: Denial of service in Entr'ouvert Lasso

EPSS

Процентиль: 14%

0.00046

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-46705

CVSS3: 7.5

ubuntu

5 месяцев назад

CVE-2025-46705

CVSS3: 7.5

nvd

5 месяцев назад

CVE-2025-46705

CVSS3: 7.5

debian

5 месяцев назад

A denial of service vulnerability exists in the g_assert_not_reached f ...

GHSA-pmj8-xcc6-hfrp

CVSS3: 9.6

github

5 месяцев назад

openSUSE-SU-2025:20083-1

suse-cvrf

5 месяцев назад

Security update for lasso

EPSS

Процентиль: 14%

0.00046

Низкий

5.3 Medium

CVSS3