Lucene search

[email protected]CVE-2013-2210

HistoryAug 20, 2013 - 10:55 p.m.

CVE-2013-2210

2013-08-2022:55:04

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-2210

buffer overflow

apache santuario

xml security

xml signature reference

denial of service

arbitrary code

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.01

Percentile

83.8%

JSON

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.

Affected configurations

NVD

Node

apachexml_security_for_c\+\+Range≤1.7.1

apachexml_security_for_c\+\+Match0.1.0

apachexml_security_for_c\+\+Match0.2.0

apachexml_security_for_c\+\+Match1.1.0

apachexml_security_for_c\+\+Match1.2.0

apachexml_security_for_c\+\+Match1.2.1

apachexml_security_for_c\+\+Match1.3.0

apachexml_security_for_c\+\+Match1.3.1

apachexml_security_for_c\+\+Match1.4.0

apachexml_security_for_c\+\+Match1.5.0

apachexml_security_for_c\+\+Match1.5.1

apachexml_security_for_c\+\+Match1.6.0

apachexml_security_for_c\+\+Match1.6.1

apachexml_security_for_c\+\+Match1.7.0

VendorProductVersionCPE
apachexml_security_for_c%2B%2B0.1.0cpe:/a:apache:xml_security_for_c%2B%2B:0.1.0:::
apachexml_security_for_c%2B%2Bcpe:/a:apache:xml_security_for_c%2B%2B::::
apachexml_security_for_c%2B%2B1.2.0cpe:/a:apache:xml_security_for_c%2B%2B:1.2.0:::
apachexml_security_for_c%2B%2B1.5.1cpe:/a:apache:xml_security_for_c%2B%2B:1.5.1:::
apachexml_security_for_c%2B%2B1.3.1cpe:/a:apache:xml_security_for_c%2B%2B:1.3.1:::
apachexml_security_for_c%2B%2B1.6.1cpe:/a:apache:xml_security_for_c%2B%2B:1.6.1:::
apachexml_security_for_c%2B%2B1.5.0cpe:/a:apache:xml_security_for_c%2B%2B:1.5.0:::
apachexml_security_for_c%2B%2B1.2.1cpe:/a:apache:xml_security_for_c%2B%2B:1.2.1:::
apachexml_security_for_c%2B%2B1.3.0cpe:/a:apache:xml_security_for_c%2B%2B:1.3.0:::
apachexml_security_for_c%2B%2B1.6.0cpe:/a:apache:xml_security_for_c%2B%2B:1.6.0:::

Vendor	Product	Version	CPE
apache	xml_security_for_c%2B%2B	0.1.0	cpe:/a:apache:xml_security_for_c%2B%2B:0.1.0:::
apache	xml_security_for_c%2B%2B		cpe:/a:apache:xml_security_for_c%2B%2B::::
apache	xml_security_for_c%2B%2B	1.2.0	cpe:/a:apache:xml_security_for_c%2B%2B:1.2.0:::
apache	xml_security_for_c%2B%2B	1.5.1	cpe:/a:apache:xml_security_for_c%2B%2B:1.5.1:::
apache	xml_security_for_c%2B%2B	1.3.1	cpe:/a:apache:xml_security_for_c%2B%2B:1.3.1:::
apache	xml_security_for_c%2B%2B	1.6.1	cpe:/a:apache:xml_security_for_c%2B%2B:1.6.1:::
apache	xml_security_for_c%2B%2B	1.5.0	cpe:/a:apache:xml_security_for_c%2B%2B:1.5.0:::
apache	xml_security_for_c%2B%2B	1.2.1	cpe:/a:apache:xml_security_for_c%2B%2B:1.2.1:::
apache	xml_security_for_c%2B%2B	1.3.0	cpe:/a:apache:xml_security_for_c%2B%2B:1.3.0:::
apache	xml_security_for_c%2B%2B	1.6.0	cpe:/a:apache:xml_security_for_c%2B%2B:1.6.0:::