VYPR
Unrated severityNVD Advisory· Published Sep 29, 2009· Updated Jun 16, 2026

CVE-2009-3476

CVE-2009-3476

Description

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Affected products

17
  • cpe:2.3:a:internet2:opensaml:1.1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:internet2:opensaml:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:opensaml:1.1.1:*:*:*:*:*:*:*
    • (no CPE)range: < 1.1.3
  • cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:shibboleth-sp:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:shibboleth-sp:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:shibboleth-sp:1.3f:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:shibboleth-sp:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:shibboleth-sp:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:shibboleth-sp:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:xmltooling:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:xmltooling:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:xmltooling:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:internet2:xmltooling:1.2.1:*:*:*:*:*:*:*
    • (no CPE)range: < 1.2.2
  • Range: 1.3.x < 1.3.4, 2.x < 2.2.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.