CVE-2016-9814

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9814
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9814.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9814
Aliases
Downstream
Published
2017-02-17T02:59:14.047Z
Modified
2025-11-23T03:58:50.713400Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.

References

Affected packages

Git

github.com/simplesamlphp/simplesamlphp

Affected ranges

Type
GIT
Repo
https://github.com/simplesamlphp/simplesamlphp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1ee347667046b8d9d633188dd7e4fd7e800bdf14
Last affected
247d316baf7475b3362ba5ef0f835176aca6d7fb
Last affected
28cedec34aada6fd6889b8c72b2a3ca047556e85
Last affected
3195076c3c8cd159651db3bdfb4de8d58d8f2a77
Last affected
3fad70092c503d0ef02fe395ef24ab5d5d836f51
Last affected
5455702a4d6c3eaf47fdbc589eb3f174dda0d81b
Last affected
567e3350ae4a363305187984217381a65d57bdb3
Last affected
62005d76c684233649c2187d21d73fdbfdf4795a
Last affected
74c4130659d1574f44aa2606090a8d87ffc95ebb
Last affected
c02bb1f2ec5d81be4827399b5789c14496e179e5

Affected versions

v1.*

v1.12.0
v1.14.0
v1.14.0-rc1
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0-rc1

v2.*

v2.0.0
v2.0.0-beta.1
v2.0.0-beta.11
v2.0.0-beta.2
v2.0.0-beta.3
v2.0.0-beta.4
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0-rc1
v2.3.0
v2.3.2

github.com/simplesamlphp/xml-security

Affected ranges

Type
GIT
Repo
https://github.com/simplesamlphp/xml-security
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2f478b2308b06c10542488ce9690a98baaf2fdfa
Last affected
446cbf3aed7f4673fb7e03083ece76a468220c44
Last affected
b58d5eeaa2a67bb67f92fecfed4ff6ff94caeae3
Last affected
f0fb013f5496daf050bb3cb8266874603e6349ce

Affected versions

v0.*

v0.0.1
v0.0.10
v0.0.11
v0.0.2
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.3.0
v0.3.2
v0.3.3
v0.4.1
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5

v1.*

v1.0.0
v1.0.1
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.2.0
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.12
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.6
v1.8.7
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6

github.com/sustainsys/saml2

Affected ranges

Type
GIT
Repo
https://github.com/sustainsys/saml2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
af9d04f9e6ab5aabfe1b752ffe1900ffe89c5426
Last affected
e446404d33dbfaf72dd6cbff8b2ea6a0ecfdb2c1
Last affected
f0f7cfc57eff78d5d9354aa2718c342ba684ae29
Last affected
f12c8c5c0012c2d87f5a9e980dc68002ea9d0252

Affected versions

v0.*

v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.15.1
v0.16.0
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.18.1
v0.19.0
v0.2.0
v0.20.0
v0.21.0
v0.21.1
v0.21.2
v0.22.0
v0.23.0
v0.24.0
v0.3.0
v0.4.0
v0.5.0
v0.5.2
v0.6.0
v0.6.2
v0.7.0
v0.7.2
v0.8.0
v0.9.0

v1.*

v1.0.0

v2.*

v2.0.0

github.com/cesnet/proxystatistics-simplesamlphp-module

Affected ranges

Type
GIT
Repo
https://github.com/cesnet/proxystatistics-simplesamlphp-module
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2304b5a8d449507d48fb1db335b7d55a1338afa0
Last affected
9483bc565221fa8856bdcb80787750641f511bbd

Affected versions

v2.*

v2.0.0

github.com/simplesamlphp/saml2

Affected ranges

Type
GIT
Repo
https://github.com/simplesamlphp/saml2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
089a5806bfb8a25ffae8fe1251f53c6e9fb88fb6
Last affected
0d6861bc2966249702e623d325609adb2a782612
Last affected
4853f1e7f69e428afc1843d4170bbaa1038199b4
Last affected
6a4b1eece19b067b17fff718176689b82dc89fb9
Last affected
6cb5cb844ba5ef9a7f98d149bdab5661d36268ed
Last affected
80bc9628c03e3c0d2774488cf2f3dc3b9c2ddf5b
Last affected
9a2ffdd7d05ec520b172c5442f4724cab8800bc7
Last affected
be2b348c46cceb311a743a33fb51035158f6f69a
Last affected
d01b753d557917583292ba9bc64fb1b917d6ea63
Last affected
d78becc975388971c3b853353072adf8e5deb841
Last affected
fbc457e774a1cd57945ca2684a2198a0984497c1

Affected versions

1.*

1.5.3

v0.*

v0.1.0
v0.1.0-alpha
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7.0
v0.7.1
v0.8.0
v0.8.1

v1.*

v1.0.0
v1.1.0
v1.10
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.7.0
v1.7.1
v1.7.2
v1.8
v1.9

v2.*

v2.0.0
v2.0.1