
18 matches found

Tenable Nessus
added 2025/11/14 12:0 a.m. | 2 views

SUSE SLES15 Security Update : lasso (SUSE-SU-2025:4090-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4090-1 advisory. - CVE-2025-46784: Fixed memory exhaustion in Entr'ouvert Lasso bsc1253094 - CVE-2025-46404: Fixed denial of service in Entr'ouvert...

CVSS 9.8 | AI score 7.9 | EPSS 0.00174
Exploits: 4 | References: 13
Tenable Nessus
added 2025/11/11 12:0 a.m. | 5 views

Amazon Linux 2023 : lasso, lasso-devel, perl-lasso (ALAS2023-2025-1285)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1285 advisory. A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An...

CVSS 9.8 | AI score 8.2 | EPSS 0.00174
Exploits: 3 | References: 8
SUSE CVE
added 2025/11/07 12:25 a.m. | 1 views

SUSE CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVSS 7.5 | AI score 6.9 | EPSS 0.00149
Exploits: 1 | References: 5
SUSE CVE
added 2025/11/07 12:25 a.m. | 1 views

SUSE CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 7.8 | EPSS 0.00173
Exploits: 1 | References: 10
OSV
added 2025/11/05 3:15 p.m. | 3 views

AZL-69850 CVE-2025-47151 affecting package lasso for versions less than 2.9.0-1

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.00173
Exploits: 1 | References: 1
OSV
added 2025/11/05 3:15 p.m. | 1 views

AZL-69863 CVE-2025-47151 affecting package lasso 2.8.0-1

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.00173
Exploits: 1 | References: 1
OSV
added 2025/11/05 3:15 p.m. | 1 views

AZL-69854 CVE-2025-46404 affecting package lasso 2.8.0-1

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 7.5 | AI score 5.8 | EPSS 0.00174
Exploits: 1 | References: 1
OSV
added 2025/11/05 3:15 p.m. | 0 views

UBUNTU-CVE-2025-46404

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 7.5 | AI score 5.8 | EPSS 0.00174
Exploits: 1 | References: 4
Cvelist
added 2025/11/05 2:57 p.m. | 5 views

CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8 | EPSS 0.00173
Exploits: 1 | References: 1
CVE
added 2025/11/05 2:56 p.m. | 14 views

CVE-2025-46404

CVE-2025-46404 affects the lasso library’s SAML handling (lasso_provider_verify_saml_signature) and can cause denial of service via malformed SAML inputs. Connected advisories confirm multiple distributions issuing fixes: Debian DLA-4397-1 fixes lasso to 2.6.1-3+deb11u1; openSUSE openSUSE-SU-2025...

CVSS 7.5 | AI score 6.5 | EPSS 0.00174
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/11/05 2:56 p.m. | 4 views

CVE-2025-46404

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 7.5 | EPSS 0.00174
Exploits: 1 | References: 1
CVE
added 2025/11/05 2:56 p.m. | 12 views

CVE-2025-46784

The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...

CVSS 7.5 | AI score 6.5 | EPSS 0.00149
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2025/11/05 2:56 p.m. | 10 views

CVE-2025-46705

CVE-2025-46705 affects Entr'ouvert Lasso (notably 2.5.1 and 2.8.2). A malformed SAML assertion/response can trigger denial of service. Connected advisories (Debian, openSUSE/SUSE, Ubuntu) confirm multiple Lasso CVEs (including 46404, 46784, 47151) with fixes in various package versions (e.g., Deb...

CVSS 7.5 | AI score 6.5 | EPSS 0.00059
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/11/05 2:56 p.m. | 3 views

CVE-2025-46705

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 7.5 | AI score 6.5 | EPSS 0.00059
Exploits: 1 | References: 1
CNNVD
added 2025/11/05 12:0 a.m. | 1 views

Entrouvert Lasso Security Vulnerability

Entrouvert Lasso is a single sign-on protocol implementation library open-sourced by Entrouvert France. A security vulnerability exists in Entrouvert Lasso version 2.5.1, which stems from a memory exhaustion issue in the lasso_node_init_from_message_with_format function that could lead to a denial of...

CVSS 7.5 | AI score 6.3 | EPSS 0.00149
Exploits: 1 | References: 2
CNNVD
added 2025/11/05 12:0 a.m. | 2 views

Entrouvert Lasso Security Vulnerability

Entrouvert Lasso is a single sign-on protocol implementation library open-sourced by Entrouvert France. A security vulnerability exists in Entrouvert Lasso version 2.5.1 and 2.8.2, which stems from a type confusion in the lasso_node_impl_init_from_xml function that could lead to the execution of...

CVSS 9.8 | AI score 6.7 | EPSS 0.00173
Exploits: 1 | References: 1
CNNVD
added 2025/11/05 12:0 a.m. | 1 views

Entrouvert Lasso Security Vulnerability

Entrouvert Lasso is a single sign-on protocol implementation library open-sourced by Entrouvert France. A security vulnerability exists in Entrouvert Lasso versions 2.5.1 and 2.8.2, which stems from a flaw in the g_assert_not_reached function that could lead to a denial of service attack...

CVSS 7.5 | AI score 6.2 | EPSS 0.00059
Exploits: 1 | References: 2
CNNVD
added 2025/11/05 12:0 a.m. | 2 views

Entrouvert Lasso Security Vulnerability

Entrouvert Lasso is a single sign-on protocol implementation library open-sourced by Entrouvert France. A security vulnerability exists in Entrouvert Lasso version 2.5.1, which stems from the lasso_provider_verify_saml_signature function improperly handling a specially crafted SAML response, which...

CVSS 7.5 | AI score 6.4 | EPSS 0.00174
Exploits: 1 | References: 2