7 matches found
CVE-2021-28091
CVE-2021-28091 affects the Lasso library. All versions prior to 2.7.0 are vulnerable due to improper verification of a cryptographic signature in SAML/XML signature processing, which can allow manipulation of SAML responses and potential impersonation. Remediation is to upgrade to version 2.7.0 o...
CVE-2009-0050
Technical details for CVE-2009-0050 are not publicly available in the provided documents. Monitor for updates.
CVE-2015-1783
The CVE-2015-1783 entry concerns the Lasso library. The root cause is a flaw in the get_or_define_ns function where the prefix variable can lead to uninitialized memory access, enabling a remote attacker to trigger a denial of service via unspecified vectors, resulting in an application crash. Th...
CVE-2025-47151
CVE-2025-47151 is a type confusion vulnerability in Entr'ouvert Lasso (lasso_node_impl_init_from_xml) that can allow arbitrary code execution via a crafted SAML response. Affected versions include Lasso 2.5.1 and 2.8.2, with exploitation via network input that does not require user interaction. T...
CVE-2025-46404
CVE-2025-46404 affects the lasso library’s SAML handling (lasso_provider_verify_saml_signature) and can cause denial of service via malformed SAML inputs. Connected advisories confirm multiple distributions issuing fixes: Debian DLA-4397-1 fixes lasso to 2.6.1-3+deb11u1; openSUSE openSUSE-SU-2025...
CVE-2025-46784
The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...
CVE-2025-46705
CVE-2025-46705 affects Entr'ouvert Lasso (notably 2.5.1 and 2.8.2). A malformed SAML assertion/response can trigger denial of service. Connected advisories (Debian, openSUSE/SUSE, Ubuntu) confirm multiple Lasso CVEs (including 46404, 46784, 47151) with fixes in various package versions (e.g., Deb...