Shibboleth Service Provider Security Advisory [3 August 2018]

Peter Schober peter.schober at
Fri Aug 3 08:13:33 EDT 2018

* Cantor, Scott <cantor.2 at> [2018-08-03 14:06]:
> The Apache Santuario XML Security for C++ library contained code
> paths at risk of dereferencing null pointers when processing
> various kinds of malformed KeyInfo hints typically found in signed
> or encrypted XML.

So this is not just about metadata (as I initially thought) and could
also be triggered by unsolicited responses, for example?


More information about the users mailing list