What is the severity of CVE-2009-3476?

CVE-2009-3476 has a medium severity as it allows remote attackers to potentially execute arbitrary code or cause a denial of service.

How do I fix CVE-2009-3476?

To fix CVE-2009-3476, upgrade to OpenSAML version 1.1.3 or higher, and XMLTooling version 1.2.2 or higher.

Which software is affected by CVE-2009-3476?

CVE-2009-3476 affects Internet2 Shibboleth Service Provider versions 1.3.x before 1.3.4 and 2.x before 2.2.1, as well as OpenSAML versions before 1.1.3.

Can CVE-2009-3476 lead to data breaches?

Yes, CVE-2009-3476 could potentially lead to data breaches by allowing attackers to execute arbitrary code.

Is CVE-2009-3476 exploitable remotely?

Yes, CVE-2009-3476 is exploitable remotely, which increases its risk to vulnerable systems.

Vulnerability/
CVE-2009-3476

critical

9.3

CWE

119

29/9/2009

7/8/2024

CVE-2009-3476: Buffer Overflow

First published: Tue Sep 29 2009(Updated: )

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Shibboleth Service Provider	=1.3.1
Shibboleth Service Provider	=1.3.2
Shibboleth Service Provider	=1.3.3
Shibboleth Service Provider	=1.3f
Internet2 OpenSAML	=1.1
Internet2 OpenSAML	=1.1.1
Shibboleth XMLTooling-C	=1.0.1
Shibboleth XMLTooling-C	=1.1.0
Shibboleth XMLTooling-C	=1.1.1
Shibboleth XMLTooling-C	=1.2.0
Shibboleth XMLTooling-C	=1.2.1
Shibboleth Service Provider	=2.0
Shibboleth Service Provider	=2.1
Shibboleth Service Provider	=2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-3476?
CVE-2009-3476 has a medium severity as it allows remote attackers to potentially execute arbitrary code or cause a denial of service.
How do I fix CVE-2009-3476?
To fix CVE-2009-3476, upgrade to OpenSAML version 1.1.3 or higher, and XMLTooling version 1.2.2 or higher.
Which software is affected by CVE-2009-3476?
CVE-2009-3476 affects Internet2 Shibboleth Service Provider versions 1.3.x before 1.3.4 and 2.x before 2.2.1, as well as OpenSAML versions before 1.1.3.
Can CVE-2009-3476 lead to data breaches?
Yes, CVE-2009-3476 could potentially lead to data breaches by allowing attackers to execute arbitrary code.
Is CVE-2009-3476 exploitable remotely?
Yes, CVE-2009-3476 is exploitable remotely, which increases its risk to vulnerable systems.

collector/nvd-historical
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/internet2
canonical/shibboleth service provider
version/shibboleth service provider/1.3.1
version/shibboleth service provider/1.3.2
version/shibboleth service provider/1.3.3
version/shibboleth service provider/1.3f
canonical/internet2 opensaml
version/internet2 opensaml/1.1
version/internet2 opensaml/1.1.1
canonical/shibboleth xmltooling-c
version/shibboleth xmltooling-c/1.0.1
version/shibboleth xmltooling-c/1.1.0
version/shibboleth xmltooling-c/1.1.1
version/shibboleth xmltooling-c/1.2.0
version/shibboleth xmltooling-c/1.2.1
version/shibboleth service provider/2.0
version/shibboleth service provider/2.1
version/shibboleth service provider/2.2