CNNVD-202511-417 Information

CNNVD ID

CNNVD-202511-417

Related CVE

CVE-2025-46784

• CNNVD Published: 2025-11-05

Description (Chinese)

Entrouvert Lasso是法国Entrouvert开源的一个单点登录协议实现库。 Entrouvert Lasso 2.5.1版本存在安全漏洞，该漏洞源于lasso_node_init_from_message_with_format功能存在内存耗尽问题，可能导致拒绝服务攻击。

Description (English)

Entrouvert Lasso is a single point-entry protocol realization bank for the open source Entrouvert in France. Version 2.5.1 of Entrouvert Lasso has a security loophole, which stems from the RAM depletion of the lasso node init from message with format function, which may lead to a denial of service attacks.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Entrouvert

Published

2025-11-05

Last Modified

2026-02-24

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2195 https://vigilance.fr/vulnerability/Lasso-memory-leak-via-lasso-node-init-from-message-with-format-48770

Patch

https://lasso.entrouvert.org/