Security Advisory

CVE-2021-31826

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-27 03:33:47
Last updated 2024-08-03 23:10:30
Assigner mitre
State PUBLISHED

Description

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.