Debian Linux Security Advisory 2710-1 - James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.
9115a6092e44a563c15e997a4b11c3f9292f19c14422c4354bf87e64e409defaA heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. If verification of the signature occurs prior to actual evaluation of a signing key, this could be exploited by an unauthenticated attacker. Apache Santuario XML Security for C++ library versions prior to 1.7.1 are affected.
8d2ae10fa63742af710c4959f5b09bc760cf1e6de68ca6c11e5d303b15106ce4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed