Vulnerabilities > CVE-2021-31826 - NULL Pointer Dereference vulnerability in Shibboleth Service Provider

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
shibboleth
CWE-476

Summary

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.

Common Weakness Enumeration (CWE)