CVE-2020-7226

EPSS 3.28% · P87 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-7226

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cryptacular 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cryptacular是开源的用于 Java的Bouncy Castle Crypto API的补充。 cryptacular 存在跨站脚本漏洞，该漏洞源于在CiphertextHeader.java中解码操作期间过多的内存分配。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-7226

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-7226

请登录查看更多情报信息。

https://github.com/apereo/cas/pull/4685x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://github.com/apereo/cas/commit/93b1c3e9d90e36a19d0fa0f6efb863c6f0235e75x_refsource_MISC
https://github.com/apereo/cas/commit/8810f2b6c71d73341d4dde6b09a18eb46cfd6d45x_refsource_MISC
https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153x_refsource_MISC
https://github.com/apereo/cas/commit/a042808d6adbbf44753d52c55cac5f533e24101fx_refsource_MISC
https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153x_refsource_MISC
Denial of Service in latest version [1.2.3] · Issue #52 · vt-middleware/cryptacularx_refsource_MISC
https://lists.apache.org/thread.html/re7f46c4cc29a4616e0aa669c84a0eb34832e83a8eef05189e2e59b44%40%3Cdev.ws.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc36b75cabb4d700b48035d15ad8b8c2712bb32123572a1bdaec2510a%40%3Cdev.ws.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfa4647c58e375996e62a9094bffff6dc350ec311ba955b430e738945%40%3Cdev.ws.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r209de85beae4d257d27fc577e3a3e97039bdb4c2dc6f4a8e5a5a5811%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r77c48cd851f60833df9a9c9c31f12243508e15d1b2a0961066d44fc6%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0847c7eb78c8f9e87d5b841fbd5da52b2ad4b4345e04b51c30621d88%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2237a27040b57adc2fcc5570bd530ad2038e67fcb2a3ce65283d3143%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4a62133ad01d5f963755021027a4cce23f76b8674a13860d2978c7c8%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re04e4f8f0d095387fb6b0ff9016a0af8c93f42e1de93b09298bfa547%40%3Ccommits.ws.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2020-7226

Same Patch Batch · n/a · 2020-01-24 · 37 CVEs total

CVE-2020-7052		多款3S-Smart Software Solutions产品资源管理错误漏洞
CVE-2013-1595		Vivotek PT7135 IP Camera 缓冲区错误漏洞
CVE-2015-1530		Android 输入验证错误漏洞
CVE-2015-1525		Android 输入验证错误漏洞
CVE-2019-19363		多款Ricoh产品安全漏洞
CVE-2013-1596		Vivotek PT7135 IP Camera 授权问题漏洞
CVE-2013-1597		Vivotek PT7135 IP Cameras 路径遍历漏洞
CVE-2014-4172		Jasig Java CAS Client、.NET CAS Client和phpCAS 注入漏洞
CVE-2013-1598		多款Vivotek IP Camera产品操作系统命令注入漏洞
CVE-2020-6966		多款GE产品加密问题漏洞
CVE-2020-7964		Mirumee Saleor 信息泄露漏洞
CVE-2015-9541		Digia Qt 缓冲区错误漏洞
CVE-2014-9630		VideoLAN VLC Media Player 缓冲区错误漏洞
CVE-2014-9629		VideoLAN VLC Media Player 缓冲区错误漏洞
CVE-2014-9628		VideoLAN VLC media player 缓冲区错误漏洞
CVE-2014-9627		VideoLAN VLC Media Player 代码问题漏洞
CVE-2014-9626		VideoLAN VLC Media Player 数字错误漏洞
CVE-2014-9625		VideoLAN VLC media player 缓冲区错误漏洞
CVE-2014-1923		Koha 路径遍历漏洞
CVE-2012-6451		Lorex LNC116/LNC104 IP Cameras 授权问题漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-7226

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-7226

I. Basic Information for CVE-2020-7226

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-7226

III. Intelligence Information for CVE-2020-7226

Same Patch Batch · n/a · 2020-01-24 · 37 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-7226

Leave a comment