Описание
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 3.2.2+dfsg1-1 |
| esm-apps/focal | released | 3.0.4+dfsg1-1ubuntu0.2 |
| esm-apps/jammy | not-affected | 3.2.2+dfsg1-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | released | 3.0.4+dfsg1-1ubuntu0.2 |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
| impish | not-affected | 3.2.2+dfsg1-1 |
| jammy | not-affected | 3.2.2+dfsg1-1 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
Уязвимость функции восстановления сеанса компонента технологии аутентификации Shibboleth Service Provider, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3