vulnerability
Amazon Linux 2023: CVE-2025-46705: Critical priority package update for lasso
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Nov 5, 2025 | Nov 11, 2025 | Nov 11, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 5, 2025
Added
Nov 11, 2025
Modified
Nov 11, 2025
Description
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Solutions
amazon-linux-2023-upgrade-lassoamazon-linux-2023-upgrade-lasso-debuginfoamazon-linux-2023-upgrade-lasso-debugsourceamazon-linux-2023-upgrade-lasso-develamazon-linux-2023-upgrade-perl-lassoamazon-linux-2023-upgrade-perl-lasso-debuginfoamazon-linux-2023-upgrade-python3-lassoamazon-linux-2023-upgrade-python3-lasso-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.