CVE-2021-31826

Priority
Description
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer
dereference flaw involving the session recovery feature. The flaw is
exploitable (for a daemon crash) on systems not using this feature if a
crafted cookie is supplied.
Notes
sbeattiedoes not affect src:shibboleth-sp2
Package
Upstream:released (3.2.2+dfsg1-1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:released (3.0.4+dfsg1-1ubuntu0.2)
Ubuntu 21.10:not-affected (3.2.2+dfsg1-1)
Ubuntu 22.04 LTS:not-affected (3.2.2+dfsg1-1)
Ubuntu 14.04 ESM:DNE
Patches:
More Information

Updated: 2022-04-25 00:55:18 UTC (commit ecc1009cb19540b950de59270950018900f37f15)