Launchpad CVE tracker

CVE 2021-31826

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.

Related bugs and status

CVE-2021-31826 (Candidate) is related to these bugs:

Bug #1926250: CVE-2021-31826: Session recovery feature contains a null pointer deference

Summary				In	Importance	Status
	1926250	CVE-2021-31826: Session recovery feature contains a null pointer deference		shibboleth-sp (Ubuntu)	Medium	Fix Released
	1926250	CVE-2021-31826: Session recovery feature contains a null pointer deference		shibboleth-sp (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.debian.or...
MISC: https://git.shibboleth...
MISC: https://issues.shibbol...
MISC: https://shibboleth.net...
DEBIAN: DSA-4905

Launchpad.net

CVE 2021-31826

Related bugs and status

Related bugs

References