CVE-2009-3476

EPSS 1.8%

Published: 9/29/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-3476

Description

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Affected packages (3)

Debian/opensamlfrom 0, < 3.0.0-2
Debian/shibboleth-spfrom 0, < 3.0.2+dfsg1-2
Debian/xmltoolingfrom 0, < 1.2.2-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-3476