
7 matches found

OSV
added 2025/12/11 6:44 p.m., 1 views

CLSA-2025-1765478656 lasso: Fix of CVE-2025-47151

CVE-2025-47151: fix type confusion vulnerability in the lasso_node_impl_init_from_xml functionality...

CVSS 9.8, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 1
RedHat Linux
added 2025/11/17 12:47 a.m., 3 views

lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8, AI score 6.1, EPSS 0.00173
Exploits: 1, References: 6
SUSE Linux
added 2025/11/13 1:3 p.m., 3 views

Security update for lasso

This update for lasso fixes the following issues: CVE-2025-46784: Fixed memory exhaustion in Entr'ouvert Lasso bsc1253094; CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso bsc1253092; CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso bsc1253093; CVE-2025-47151: Fixed type...

CVSS 9.8, AI score 6.5, EPSS 0.00174
Exploits: 4, References: 16
SUSE CVE
added 2025/11/07 12:25 a.m., 1 views

SUSE CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 9.8, AI score 7.8, EPSS 0.00173
Exploits: 1, References: 10
CVE
added 2025/11/05 2:57 p.m., 23 views

CVE-2025-47151

CVE-2025-47151 is a type confusion vulnerability in Entr'ouvert Lasso (lasso_node_impl_init_from_xml) that can allow arbitrary code execution via a crafted SAML response. Affected versions include Lasso 2.5.1 and 2.8.2, with exploitation via network input that does not require user interaction. T...

CVSS 9.8, AI score 7.5, EPSS 0.00173
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2025/11/05 2:56 p.m., 1 views

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVSS 7.5, AI score 6.5, EPSS 0.00149
Exploits: 1, References: 1
CVE
added 2025/11/05 2:56 p.m., 11 views

CVE-2025-46784

The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...

CVSS 7.5, AI score 6.5, EPSS 0.00149
Exploits: 1, References: 2, Affected Software: 1