CVE-2020-7226
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.Enginsight
Vendor | Product | Version |
---|---|---|
vt | cryptacular | 𝑥 < 1.1.4 |
vt | cryptacular | 1.2.0 ≤ 𝑥 < 1.2.4 |
oracle | communications_services_gatekeeper | 7.0 |
oracle | webcenter_sites | 12.2.1.3.0 |
oracle | webcenter_sites | 12.2.1.4.0 |
oracle | weblogic_server | 12.2.1.4.0 |
oracle | weblogic_server | 14.1.1.0.0 |
Common Weakness Enumeration