CVE-2013-2154

2013-08-20T00:00:00
ID UB:CVE-2013-2154
Type ubuntucve
Reporter ubuntu.com
Modified 2013-08-20T00:00:00

Description

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.

Bugs

  • <https://bugs.launchpad.net/bugs/1192874>

Notes

Author| Note
---|---
jdstrand | incomplete fix for this introduces CVE-2013-2210