Alibaba Cloud Linux 3 : 0183: lasso (ALINUX3-SA-2025:0183)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0183 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-47151: A type confusion vulnerability exis...

Ubuntu: Security Advisory (USN-7872-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7872-1: Lasso vulnerabilities

It was discovered that Lasso incorrectly handled certain malformed SAML responses. A remote attacker could possibly use this issue to cause Lasso to crash, resulting in a denial of service. CVE-2025-46404 It was discovered that Lasso incorrectly handled certain malformed SAML assertion responses....

Amazon Linux 2023 : lasso, lasso-devel, perl-lasso (ALAS2023-2025-1285)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1285 advisory. A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An...

SUSE CVE-2025-46705

A denial of service vulnerability exists in the gassertnotreached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this...

CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

UBUNTU-CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

PT-2025-45108

Name of the Vulnerable Software and Affected Versions Entr’ouvert Lasso versions 2.5.1 and 2.8.2 Description A denial of service issue exists in the g assert not reached functionality. A specially crafted SAML assertion response can cause a denial of service. An attacker can trigger this by sendi...

Entr'ouvert Lasso g_assert_not_reached denial of service vulnerability

Talos Vulnerability Report TALOS-2025-2196 Entr'ouvert Lasso gassertnotreached denial of service vulnerability November 5, 2025 CVE Number CVE-2025-46705 SUMMARY A denial of service vulnerability exists in the gassertnotreached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially craft...

PT-2025-45109

Name of the Vulnerable Software and Affected Versions Entr'ouvert Lasso version 2.5.1 Description A denial of service issue exists in the lasso node init from message with format functionality. A specially crafted SAML response can cause memory depletion, leading to a denial of service. An attack...