CVE-2009-3476
EPSS 1.8%
Description
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
How to fix CVE-2009-3476
To remediate CVE-2009-3476, upgrade the affected package to a fixed version below.
- Debian/opensaml—upgrade to 3.0.0-2 or later
- Debian/shibboleth-sp—upgrade to 3.0.2+dfsg1-2 or later
- Debian/xmltooling—upgrade to 1.2.2-1 or later
Is CVE-2009-3476 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.0.0-2
- from 0, < 3.0.2+dfsg1-2
- from 0, < 1.2.2-1