Description
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Registration Forms CSV Injection (2.0.6)
WordPress Plugin Gallery-Video Gallery and Youtube Gallery Multiple Vulnerabilities (2.0.3)
Oracle Database Server CVE-2009-3414 Vulnerability (CVE-2009-3414)
WordPress Plugin Download Plugins and Themes from Dashboard Cross-Site Scripting (1.5.0)