Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-46784

Опубликовано: 05 нояб. 2025
Источник: redhat
CVSS3: 4.7
EPSS Низкий

Описание

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1 and prior. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Отчет

This flaw describes an availability impact which is limited when exploited in the context of a Red Hat Product. A host system is not directly affected and so the impact is limited.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9lassoNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=2412742lasso: Memory exhaustion in Entr'ouvert Lasso

EPSS

Процентиль: 31%
0.00117
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-46784

CVSS3: 7.5
ubuntu
5 месяцев назад

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

nvd логотип

CVE-2025-46784

CVSS3: 7.5
nvd
5 месяцев назад

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

debian логотип

CVE-2025-46784

CVSS3: 7.5
debian
5 месяцев назад

A denial of service vulnerability exists in the lasso_node_init_from_m ...

github логотип

GHSA-4p4q-6835-5w79

CVSS3: 9.6
github
5 месяцев назад

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

suse-cvrf логотип

SUSE-SU-2025:4094-1

suse-cvrf
5 месяцев назад

Security update for lasso

EPSS

Процентиль: 31%
0.00117
Низкий

4.7 Medium

CVSS3