HIGH🇬🇧 English

CVE-2025-46404

CVSS 7.5v3.1pub. 2025-11-05upd. 2025-11-07

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Entrouvert Lasso

    APP
    Entrouvert
    2.5.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2025-47151CRITICAL9.8PL ✓ten sam produkt

Type confusion w Entrouvert Lasso — RCE przez złośliwą odpowiedź SAML

CVE-2025-46705HIGH7.5ten sam produkt

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2....

CVE-2025-46784HIGH7.5ten sam produkt

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr...

CVE-2021-28091HIGH7.5ten sam produkt

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

CVE-2015-1783HIGH7.5ten sam produkt

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859...