Description
It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646
http://www.securityfocus.com/bid/96882
Related Vulnerabilities
CVE-2018-3750 Vulnerability in maven package org.webjars.npm:deep-extend
CVE-2022-35915 Vulnerability in npm package openzeppelin-solidity
CVE-2020-8137 Vulnerability in maven package org.webjars.npm:uppy
CVE-2022-25860 Vulnerability in npm package simple-git
CVE-2020-35201 Vulnerability in maven package org.igniterealtime.openfire.plugins:bookmarks