PT-2018-17607 · Simplesamlphp · Simplesamlphp Saml2 Library

Published

2018-02-02

Updated

2022-05-14

CVE-2018-6519

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SimpleSAMLphp SAML2 library versions prior to 1.10.4 SimpleSAMLphp SAML2 library versions 2.x prior to 2.3.5 SimpleSAMLphp SAML2 library versions 3.x prior to 3.1.1

Description The issue is related to a Regular Expression Denial of Service vulnerability. This vulnerability affects the processing of fraction-of-seconds data in a timestamp.

Recommendations For versions prior to 1.10.4, update to version 1.10.4 or later. For versions 2.x prior to 2.3.5, update to version 2.3.5 or later. For versions 3.x prior to 3.1.1, update to version 3.1.1 or later.

Exploit

Fix

DoS

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2018-6519

DSA-4127-1

GHSA-HHM8-2J4G-MPGG

Affected Products

Simplesamlphp Saml2 Library

PT-2018-17607 · Simplesamlphp · Simplesamlphp Saml2 Library

CVE-2018-6519

Weakness Enumeration

Related Identifiers

Affected Products

References · 28