CVE-2020-7226

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-7226
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7226.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-7226
Aliases
Downstream
Published
2020-01-24T15:15:14.093Z
Modified
2026-06-13T11:55:03.150240279Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_services_gatekeeper",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:webcenter_sites",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                },
                {
                    "last_affected": "14.1.1.0.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:weblogic_server",
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/apereo/cas

Affected ranges

Type
GIT
Repo
https://github.com/apereo/cas
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8810f2b6c71d73341d4dde6b09a18eb46cfd6d45
Fixed
93b1c3e9d90e36a19d0fa0f6efb863c6f0235e75
Fixed
a042808d6adbbf44753d52c55cac5f533e24101f
Database specific 
{
    "source": "REFERENCES"
}

Affected versions

3.*
3.4.11-RC1
v3.*
v3.4.11
v3.5.0
v3.5.0-RC1
v3.5.0-RC2
v3.5.1-RC1
v4.*
v4.0.0-RC1
v5.*
v5.3.12
v5.3.12.1
v5.3.14
v5.3.15
v6.*
v6.0.5
v6.0.5.1
v6.0.6
v6.0.7
v6.0.8
v6.1.0
v6.1.0-RC5
v6.1.0-RC6
v6.1.3
v6.1.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7226.json"

Git / github.com/vt-middleware/cryptacular

Affected ranges

Type
GIT
Repo
https://github.com/vt-middleware/cryptacular
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a1dc0b20b02e39c313cb3adfd4f02f8bf1b31390
Introduced
19668f905de22d3b9b26a4b53b527701a15e864e
Fixed
029112cc4af19e0d6aebe0b26dc19652f0c2ffab
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.4"
        },
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.4"
        }
    ],
    "cpe": "cpe:2.3:a:vt:cryptacular:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v1.*
v1.0
v1.0-RC1
v1.0-RC2
v1.0-RC3
v1.0-RC4
v1.0-RC6
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.2.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7226.json"