7 matches found
CVE-2013-2156
Heap-based buffer overflow in the Exclusive Canonicalization functionality xsec/canon/XSECC14n20010315.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PrefixLi...
CVE-2013-2156
Heap-based buffer overflow in the Exclusive Canonicalization functionality xsec/canon/XSECC14n20010315.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PrefixLi...
CVE-2013-2156
Heap-based buffer overflow in the Exclusive Canonicalization functionality xsec/canon/XSECC14n20010315.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PrefixLi...
Updated xml-security-c package fixes multiple security vulnerabilities
The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content CVE-2013-2153. A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed...
[SECURITY] [DSA 2710-1] xml-security-c security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2710-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 18, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2710-1 (xml-security-c - several vulnerabilities)
James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2153 The implementation of XML digital...
apache-xml-security-c -- heap overflow
The Apache Software Foundation reports: A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitary code execution. If verification of the signature occurs prior to actual evaluation of a signin...