CVE-2016-9814

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9814

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9814.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-9814

Aliases

GHSA-r8v4-7vwj-983x

Related

Published

2017-02-17T02:59:14Z

Modified

2024-10-12T02:17:38.459146Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.

References

Affected packages

Debian:11 / simplesamlphp

Package

Name: simplesamlphp
Purl: pkg:deb/debian/simplesamlphp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.10-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / simplesamlphp

Package

Name: simplesamlphp
Purl: pkg:deb/debian/simplesamlphp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.10-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / simplesamlphp

Package

Name: simplesamlphp
Purl: pkg:deb/debian/simplesamlphp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.10-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/cesnet/proxystatistics-simplesamlphp-module

Affected ranges

Type: GIT
Repo: https://github.com/cesnet/proxystatistics-simplesamlphp-module
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2304b5a8d449507d48fb1db335b7d55a1338afa0

Last affected

9483bc565221fa8856bdcb80787750641f511bbd

Type: GIT
Repo: https://github.com/simplesamlphp/saml2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

089a5806bfb8a25ffae8fe1251f53c6e9fb88fb6

Last affected

0d6861bc2966249702e623d325609adb2a782612

Last affected

4853f1e7f69e428afc1843d4170bbaa1038199b4

Last affected

80bc9628c03e3c0d2774488cf2f3dc3b9c2ddf5b

Last affected

9a2ffdd7d05ec520b172c5442f4724cab8800bc7

Last affected

be2b348c46cceb311a743a33fb51035158f6f69a

Last affected

d01b753d557917583292ba9bc64fb1b917d6ea63

Last affected

d78becc975388971c3b853353072adf8e5deb841

Last affected

eefd345820c6bcda5ab904220096919f25ade83b

Type: GIT
Repo: https://github.com/simplesamlphp/simplesamlphp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1ee347667046b8d9d633188dd7e4fd7e800bdf14

Last affected

28cedec34aada6fd6889b8c72b2a3ca047556e85

Last affected

3195076c3c8cd159651db3bdfb4de8d58d8f2a77

Last affected

3fad70092c503d0ef02fe395ef24ab5d5d836f51

Last affected

5455702a4d6c3eaf47fdbc589eb3f174dda0d81b

Last affected

567e3350ae4a363305187984217381a65d57bdb3

Last affected

62005d76c684233649c2187d21d73fdbfdf4795a

Last affected

74c4130659d1574f44aa2606090a8d87ffc95ebb

Last affected

c02bb1f2ec5d81be4827399b5789c14496e179e5

Type: GIT
Repo: https://github.com/simplesamlphp/xml-security
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

446cbf3aed7f4673fb7e03083ece76a468220c44

Type: GIT
Repo: https://github.com/sustainsys/saml2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

af9d04f9e6ab5aabfe1b752ffe1900ffe89c5426

Last affected

e446404d33dbfaf72dd6cbff8b2ea6a0ecfdb2c1

Last affected

f0f7cfc57eff78d5d9354aa2718c342ba684ae29

Last affected

f12c8c5c0012c2d87f5a9e980dc68002ea9d0252

Affected versions

1.*

1.5.3

v0.*

v0.0.1

v0.0.10

v0.0.11

v0.0.2

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.1.0

v0.1.0-alpha

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.15.1

v0.16.0

v0.17.0

v0.17.1

v0.17.2

v0.18.0

v0.18.1

v0.19.0

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.20.0

v0.21.0

v0.21.1

v0.21.2

v0.22.0

v0.23.0

v0.24.0

v0.3.0

v0.3.2

v0.3.3

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7.0

v0.7.1

v0.7.2

v0.8.0

v0.8.1

v0.9.0

v1.*

v1.0.0

v1.0.1

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.1.0

v1.1.1

v1.1.2

v1.12.0

v1.15.0-rc1

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.6.0

v1.6.1

v1.6.10

v1.6.11

v1.6.12

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.8

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.6

v1.8.7

v1.9

v1.9.0

v2.*

v2.0.0

v2.0.0-beta.1

v2.0.0-beta.11

v2.0.0-beta.2

v2.0.0-beta.3

v2.0.0-beta.4

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.1.0-rc1

v2.3.0

v2.3.2