The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected.
ed557eaf432b8220b8a580b3a0a313162a1d2211f6e1ea637a19dc2d29e16038Debian Linux Security Advisory 2710-1 - James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.
9115a6092e44a563c15e997a4b11c3f9292f19c14422c4354bf87e64e409defaA stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Versions prior to 1.7.1 are affected.
af0afeb75458291b861cf5f636dc2a226e089a6059ccbe7118f0979ffd301af2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed