8 matches found
Critical: lasso
Issue Overview: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. CVE-2025-4640...
AZL-69850 CVE-2025-47151 affecting package lasso for versions less than 2.9.0-1
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
PT-2025-45110
Name of the Vulnerable Software and Affected Versions: Entr'ouvert Lasso versions 2.5.1 and 2.8.2. Description: A type confusion issue exists within the lasso_node_impl_init_from_xml function. A specially crafted SAML response can trigger this issue, potentially leading to arbitrary code execution. ...
OPENSUSE-SU-2021:1057-1 Security update for lasso
This update for lasso fixes the following issues: - CVE-2021-28091: Fixed XML signature wrapping vulnerability when parsing SAML responses (boo#1186768)...
DLA-2684-1 lasso - security update
Bulletin has no description...
CVE-2021-28091
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature...
DSA-4926-1 lasso - security update
Bulletin has no description...
Input validation
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...