CVE-2013-2154
CVE-2013-2154 affects Apache Santuario XML Security for C++ (xml-security-c) before 1.7.1: a stack-based buffer overflow in DSIGReference::getURIBaseTXFM potentially allows denial of service and, in some cases, arbitrary code execution via malformed XPointer expressions. Related ...
CVE-2013-2155
CVE-2013-2155 affects Apache Santuario XML Security for C++ (xml-security-c) prior to 1.7.1. The issue is failure to properly validate length values, allowing remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof signatures via crafted length val...
CVE-2013-2210
CVE-2013-2210: Heap-based buffer overflow in the XML Signature Reference functionality of Apache Santuario XML Security for C++ (xml-security-c) prior to 1.7.2. Causes DoS (crash) and potentially arbitrary code execution via malformed XPointer expressions, stemming from an incorrect fix for CVE-2...
CVE-2011-2516
CVE-2011-2516 affects xml-security-c (XML Digital Signature for C++). The off-by-one/buffer overflow vulnerability occurs in the XML signature verification/signing path when using very large RSA keys (notably 8192+ bits), potentially crashing applications or, per Debian advisory, allowing arbitra...
CVE-2013-2156
The CVE-2013-2156 entry concerns Apache Santuario XML Security for C++ (xml-security-c) prior to 1.7.1. A heap-based buffer overflow occurs in the PrefixList attribute handling within the Exclusive Canonicalization code (XSECC14n20010315.cpp), enabling a remote attacker to cause a denial of servi...
CVE-2013-2153
The CVE-2013-2153 issue affects Apache Santuario XML Security for C++ (xml-security-c) prior to 1.7.1. The vulnerability lies in the XML digital signature handling (DSIGReference.cpp), which allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference e...