Unrated severityNVD Advisory· Published Sep 29, 2009· Updated Jun 16, 2026
CVE-2009-3476
CVE-2009-3476
Description
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
Affected products
17cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:1.3f:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:shibboleth-sp:2.2:*:*:*:*:*:*:*
cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:internet2:xmltooling:1.2.1:*:*:*:*:*:*:*
- (no CPE)range: < 1.2.2
- Range: 1.3.x < 1.3.4, 2.x < 2.2.1
Patches
Vulnerability mechanics
References
5- secunia.com/advisories/36869nvdVendor Advisory
- secunia.com/advisories/36870nvdVendor Advisory
- shibboleth.internet2.edu/secadv/secadv_20090826.txtnvdVendor Advisory
- www.securityfocus.com/bid/36514nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/53471nvd
News mentions
0No linked articles in our index yet.