what you don't know can hurt you
Showing 1 - 3 of 3 RSS Feed

CVE-2013-2154

Status Candidate

Overview

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.

Related Files

Apache Santuario XML Security For C++ Heap Overflow
Posted Jun 27, 2013
Authored by Jon Erickson

The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154, CVE-2013-2210
MD5 | 94f3d21daa75c010adc2c62206b9ca7d
Debian Security Advisory 2710-1
Posted Jun 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2710-1 - James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156
MD5 | 525549cd799522023f2f2b7008911282
Apache Santuario XML Security For C++ Stack Overflow
Posted Jun 18, 2013
Authored by James Forshaw

A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Versions prior to 1.7.1 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154
MD5 | 2e4c041ed6441f26334548c790ec639b
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close