UBUNTU-CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...
Mageia: Security Advisory (MGASA-2018-0381)
The remote host is missing an update for the...
Fedora Update for xml-security-c FEDORA-2018-a0d02065d0
The remote host is missing an update for the...
Fedora 29 : libdigidocpp / xml-security-c (2018-a0d02065d0)
Security fix for a NULL pointer dereference in xml-security-c.
[SECURITY] Fedora 29 Update: xml-security-c-2.0.2-1.fc29
The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...
Debian DLA-1594-1 : xml-security-c security update
A vulnerability in xml-security-c, a library for the XML Digital Security specification, has been found. Different KeyInfo combinations, like signatures without public key, result in incomplete DSA structures that crash openssl during verification. This vulnerability does not have a CVE identifie...
Debian: Security Advisory (DLA-1594-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1594-1] xml-security-c security update
Package : xml-security-c Version : 1.7.2-3+deb8u2 A vulnerability in xml-security-c, a library for the XML Digital Security specification, has been found. Different KeyInfo combinations, like signatures without public key, result in incomplete DSA structures that crash openssl during verification...
DLA-1594-1 xml-security-c - security update
Bulletin has no description...
FreeBSD : xml-security-c -- crashes on malformed KeyInfo content (5786185a-9a43-11e8-b34b-6cc21735f730)
The Shibboleth project reports: SAML messages, assertions, and metadata all commonly make use of the XML Signature KeyInfo construct, which expresses information about keys and certificates used in signing or encrypting XML. The Apache Santuario XML Security for C++ library contained code paths ...
Debian DLA-1458-1 : xml-security-c security update
It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data. For Debian 8 'Jessie', this problem has been fixed in version 1.7.2-3+deb8u1...
Debian DSA-4265-1 : xml-security-c - security update
It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data.
DSA-4265-1 xml-security-c - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4265-1)
The remote host is missing an update for the Debian...
DEBIAN-CVE-2013-2210
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this...
[SECURITY] [DSA 2717-1] xml-security-c security update
Debian Security Advisory DSA-2717-1, http://www.debian.org/security/, Salvatore Bonaccorso, June 28, 2013, http://www.debian.org/security/faq ...
xml-security-c security vulnerabilities
Stack overflow, heap buffer overflow...
[SECURITY] [DSA 2710-1] xml-security-c security update
Debian Security Advisory DSA-2710-1, http://www.debian.org/security/, Salvatore Bonaccorso, June 18, 2013, http://www.debian.org/security/faq ...
FreeBSD : apache-xml-security-c -- heap overflow during XPointer evaluation (81da673e-dfe1-11e2-9389-08002798f6ff)
The Apache Software Foundation reports: The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code.
Debian DSA-2717-1 : xml-security-c - heap overflow
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature...