MidnightBSD

Advisories for vt

CVE-2020-7226 MEDIUM

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
oracle weblogic_server 14.1.1.0.0
oracle webcenter_sites 12.2.1.4.0
oracle webcenter_sites 12.2.1.3.0
oracle communications_services_gatekeeper 7.0
vt cryptacular *
oracle weblogic_server 12.2.1.4.0