CVE-2013-2210
20.08.2013, 22:55
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apache | xml_security_for_c\+\+ | 𝑥 ≤ 1.7.1 |
| apache | xml_security_for_c\+\+ | 0.1.0 |
| apache | xml_security_for_c\+\+ | 0.2.0 |
| apache | xml_security_for_c\+\+ | 1.1.0 |
| apache | xml_security_for_c\+\+ | 1.2.0 |
| apache | xml_security_for_c\+\+ | 1.2.1 |
| apache | xml_security_for_c\+\+ | 1.3.0 |
| apache | xml_security_for_c\+\+ | 1.3.1 |
| apache | xml_security_for_c\+\+ | 1.4.0 |
| apache | xml_security_for_c\+\+ | 1.5.0 |
| apache | xml_security_for_c\+\+ | 1.5.1 |
| apache | xml_security_for_c\+\+ | 1.6.0 |
| apache | xml_security_for_c\+\+ | 1.6.1 |
| apache | xml_security_for_c\+\+ | 1.7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References