7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.9%
The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content (CVE-2013-2153). A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code (CVE-2013-2154). A bug in the processing of the output length of an HMAC-based XML Signature would cause a denial of service when processing specially chosen input (CVE-2013-2155). A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution (CVE-2013-2156). The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code (CVE-2013-2210).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 2 | noarch | xml-security-c | <Β 1.6.1-1.2 | xml-security-c-1.6.1-1.2.mga2 |
Mageia | 3 | noarch | xml-security-c | <Β 1.7.0-2.2 | xml-security-c-1.7.0-2.2.mga3 |