{"id":"USN-7872-1","summary":"lasso vulnerabilities","details":"It was discovered that Lasso incorrectly handled certain malformed SAML\nresponses. A remote attacker could possibly use this issue to cause Lasso\nto crash, resulting in a denial of service. (CVE-2025-46404)\n\nIt was discovered that Lasso incorrectly handled certain malformed SAML\nassertion responses. A remote attacker could possibly use this issue to\ncause Lasso to crash, resulting in a denial of service. (CVE-2025-46705)\n\nIt was discovered that Lasso incorrectly handled certain malformed SAML\nresponses. A remote attacker could possibly use this issue to cause Lasso\nto consume memory, resulting in a denial of service. This issue only\naffected Ubuntu 22.04 LTS. (CVE-2025-46784)\n\nIt was discovered that Lasso incorrectly handled certain malformed SAML\nresponses. A remote attacker could use this issue to cause Lasso to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2025-47151)","modified":"2026-04-24T10:06:39.255522Z","published":"2025-11-18T14:59:25Z","related":["UBUNTU-CVE-2025-46404","UBUNTU-CVE-2025-46705","UBUNTU-CVE-2025-46784","UBUNTU-CVE-2025-47151"],"upstream":["CVE-2025-46404","CVE-2025-46705","CVE-2025-46784","CVE-2025-47151","UBUNTU-CVE-2025-46404","UBUNTU-CVE-2025-46705","UBUNTU-CVE-2025-46784","UBUNTU-CVE-2025-47151"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7872-1"}],"affected":[{"package":{"name":"lasso","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/lasso@2.7.0-2ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-2ubuntu0.1"}]}],"versions":["2.6.1-3build1","2.6.1-3build3","2.7.0-1","2.7.0-2","2.7.0-2build1","2.7.0-2build2","2.7.0-2build3"],"ecosystem_specific":{"binaries":[{"binary_name":"liblasso-perl","binary_version":"2.7.0-2ubuntu0.1"},{"binary_name":"liblasso3","binary_version":"2.7.0-2ubuntu0.1"},{"binary_name":"python3-lasso","binary_version":"2.7.0-2ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7872-1.json"}},{"package":{"name":"lasso","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/lasso@2.8.2-2ubuntu0.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.2-2ubuntu0.1"}]}],"versions":["2.8.1-1","2.8.1-1build1","2.8.1-2","2.8.2-1","2.8.2-1build1","2.8.2-2build1","2.8.2-2build2"],"ecosystem_specific":{"binaries":[{"binary_name":"liblasso-perl","binary_version":"2.8.2-2ubuntu0.1"},{"binary_name":"liblasso3t64","binary_version":"2.8.2-2ubuntu0.1"},{"binary_name":"python3-lasso","binary_version":"2.8.2-2ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7872-1.json"}}],"schema_version":"1.7.5"}