120 matches found
CVE-2013-2154
Stack-based buffer overflow in the XML Signature Reference functionality xsec/dsig/DSIGReference.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed...
CVE-2013-2210
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.2 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this...
CVE-2013-2154
Stack-based buffer overflow in the XML Signature Reference functionality xsec/dsig/DSIGReference.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via malformed...
Updated xml-security-c package fixes multiple security vulnerabilities
The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content CVE-2013-2153. A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed...
PT-2013-1071 · Apache · Apache Santuario Xml Security For C++
Name of the Vulnerable Software and Affected Versions: Apache Santuario XML Security for C++ versions prior to 1.7.2 Description: The issue is related to a heap-based buffer overflow in the XML Signature Reference functionality, which can be exploited by context-dependent attackers using malforme...
CVE-2013-2210
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to...
Debian DSA-2717-1 : xml-security-c - heap overflow
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature...
DSA-2717-1 xml-security-c - heap overflow
Bulletin has no description...
Apache Santuario XML Security for C++ 堆缓冲区溢出漏洞
BUGTRAQ ID: 60817 CVECAN ID: CVE-2013-2210 Apache Santuario是实现XML的主要安全标准。 Apache Santuario XML Security for C++ 1.7.2之前版本在XPointer求值中存在堆缓冲区溢出漏洞,成功利用后可允许远程攻击者在受影响应用上下文中执行任意代码。此漏洞是在CVE-2013-2154修复中引入的,源于XML签名引用处理代码中的畸形XPointer表达式处理。 0 Apache Group XML Security for C++ 1.6.1 Apache Group XML Securit...
apache-xml-security-c -- heap overflow during XPointer evaluation
The Apache Software Foundation reports: The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code...
Debian Security Advisory DSA 2710-1 (xml-security-c - several vulnerabilities)
James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2153 The implementation of XML digital...
[SECURITY] Fedora 19 Update: libxml2-2.9.1-1.fc19
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
[SECURITY] Fedora 18 Update: libxml2-2.9.1-1.fc18
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
libxml: An off-by-one out-of-bounds write by XPointer part evaluation
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via unknown vectors...
Medium: libxml2
Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2,...
Fedora Update for libxml2 FEDORA-2012-13824
Check for the Version of libxml2 OpenVAS Vulnerability Test Fedora Update for libxml2 FEDORA-2012-13824 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
libxml: An off-by-one out-of-bounds write by XPointer part evaluation
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via unknown vectors...
Moderate: Red Hat Security Advisory: libxml2 security update
Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...
Ubuntu Update for libxml2 USN-1447-1
Ubuntu Update for Linux kernel vulnerabilities USN-1447-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14471.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for libxml2 USN-1447-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxml2 vulnerability (USN-1447-1)
Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the...