debian · CVE-2009-3476

Quick triage

Priority: not yet assigned Published: Updated: Sun, 05 Jul 2026 03:42:00 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2009-3476 not yet assigned priority: Debian including 3 source packages (opensaml, shibboleth-sp, xmltooling), 15 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 15.

Description:

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

cvelogic Threat Intelligence