CVE-2013-2154

2013-08-2000:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.01

Percentile

83.8%

JSON

Stack-based buffer overflow in the XML Signature Reference functionality
(xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka
xml-security-c) before 1.7.1 allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via malformed
XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM
function.

Bugs

<https://bugs.launchpad.net/bugs/1192874>

Notes

Author	Note
jdstrand	incomplete fix for this introduces CVE-2013-2210

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchxml-security-c< 1.5.1-3+squeeze2build0.10.04.1UNKNOWN
ubuntu12.04noarchxml-security-c< 1.6.1-1ubuntu0.1UNKNOWN
ubuntu12.10noarchxml-security-c< 1.6.1-6~build0.12.10.1UNKNOWN
ubuntu13.04noarchxml-security-c< 1.6.1-6~build0.13.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	xml-security-c	< 1.5.1-3+squeeze2build0.10.04.1	UNKNOWN
ubuntu	12.04	noarch	xml-security-c	< 1.6.1-1ubuntu0.1	UNKNOWN
ubuntu	12.10	noarch	xml-security-c	< 1.6.1-6~build0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	xml-security-c	< 1.6.1-6~build0.13.04.1	UNKNOWN