Shibboleth Service Provider Security Advisory [3 August 2018]
peter.schober at univie.ac.at
Fri Aug 3 08:13:33 EDT 2018
* Cantor, Scott <cantor.2 at osu.edu> [2018-08-03 14:06]:
> The Apache Santuario XML Security for C++ library contained code
> paths at risk of dereferencing null pointers when processing
> various kinds of malformed KeyInfo hints typically found in signed
> or encrypted XML.
So this is not just about metadata (as I initially thought) and could
also be triggered by unsolicited responses, for example?
More information about the users