Unrated severityNVD Advisory· Published Sep 29, 2009· Updated Apr 23, 2026
CVE-2009-3476
CVE-2009-3476
Description
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
Affected products
14cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:1.3f:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:2.2:*:*:*:*:*:*:*
cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.2.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/36869nvdVendor Advisory
- secunia.com/advisories/36870nvdVendor Advisory
- shibboleth.internet2.edu/secadv/secadv_20090826.txtnvdVendor Advisory
- www.securityfocus.com/bid/36514nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/53471nvd
News mentions
0No linked articles in our index yet.