CVE-2017-2646

Summary

It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.

Affected Software

VendorProductVersion RangeStatus
Red Hatkeycloak2.5.5affected

Weaknesses

  • CWE-835: CWE-835

ADP Enrichment

CVE Program Container

Additional References

References