DEBIAN-CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

References

https://security-tracker.debian.org/tracker/CVE-2025-46784

Affected packages

Debian:11 / lasso

Package

Name: lasso
Purl: pkg:deb/debian/lasso?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.1-3+deb11u1

Affected versions

2.*

2.6.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-46784.json"

Debian:12 / lasso

Package

Name: lasso
Purl: pkg:deb/debian/lasso?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-46784.json"

Debian:13 / lasso

Package

Name: lasso
Purl: pkg:deb/debian/lasso?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-46784.json"

Debian:14 / lasso

Package

Name: lasso
Purl: pkg:deb/debian/lasso?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-46784.json"