CVE-2017-2646

Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 2.5.5

Description: The issue arises when a Logout request with Extensions in the middle of the request is received, causing the SAMLSloRequestParser.parse() method to enter an infinite loop. This can be exploited by an attacker to conduct denial of service attacks.

Recommendations: For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue. As a temporary workaround, consider restricting or validating the input for the Logout request to prevent the infinite loop in the SAMLSloRequestParser.parse() method.