Apache Santuario XML Security for C++ heap overflow

2013.08.21
Credit: Jon Erickson
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to V1.7.2 Description: The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Mitigation: Applications that do not otherwise prevent the evaluation of XPointer expressions during signature verification and are using library versions older than V1.7.2 should upgrade as soon as possible. Distributors of older versions should apply the patches from this subversion revision: http://svn.apache.org/viewvc?view=revision&revision=r1496703 Credit: This issue was reported by Jon Erickson of iSIGHT Partners Labs References: http://santuario.apache.org/ http://santuario.apache.org/secadv.data/CVE-2013-2154.txt

References:

http://www.debian.org/security/2013/dsa-2717
http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0216.html
http://cxsecurity.com/issue/WLB-2013060148


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top