CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-24T14:17:16
Updated: 2022-04-19T23:23:13
Reserved: 2020-01-18T00:00:00
Link: CVE-2020-7226
JSON object: View
NVD Information
Status : Modified
Published: 2020-01-24T15:15:14.093
Modified: 2023-11-07T03:25:43.297
Link: CVE-2020-7226
JSON object: View
Redhat Information
No data.
CWE