The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8
charset, which truncates queries upon encountering four-byte characters.
There might be a scenario in which this allows remote attackers to bypass
intended access restrictions.
Author | Note |
---|---|
msalvatore | According to the security advisory, “there is no known way to exploit the issue.” There are 2 mitigating factors. See the SimpleSAMLphp advisory for more details. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | simplesamlphp | < any | UNKNOWN |