CVE-2013-2154
Apache Santuario XML Security for C++ Heap Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.
Desbordamiento de búfer basado en pila en la funcionalidad Reference (xsec/dsig/DSIGReference.cpp) en Apache Santuario XML Security para C++ (aka xml-security-c) anterior a 1.7.1, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente la ejecución arbitraria de código a través de expresiones XPointer mal formadas, probablemente relacionadas con la función DSIGReference::getURIBaseTXFM.
The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-02-19 CVE Reserved
- 2013-06-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp?r1=1125514&r2=1493959&pathrev=1493959&diff_format=h | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://santuario.apache.org/secadv.data/CVE-2013-2154.txt | 2023-11-07 | |
| http://www.debian.org/security/2013/dsa-2710 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | <= 1.7.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version " <= 1.7.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 0.1.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "0.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 0.2.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "0.2.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.1.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.2.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.2.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.2.1 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.2.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.3.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.3.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.3.1 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.3.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.4.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.4.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.5.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.5.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.5.1 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.5.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.6.0 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.6.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Xml Security For C\+\+ Search vendor "Apache" for product "Xml Security For C\+\+" | 1.6.1 Search vendor "Apache" for product "Xml Security For C\+\+" and version "1.6.1" | - |
Affected
| ||||||