Red Hat Bugzilla – Bug 971443
CVE-2013-2154 xml-security-c: Stack-based buffer overflow when evaluating certain XPointer expressions
Last modified: 2016-03-04 06:26:02 EST
A stack-based buffer overflow flaw was found in the way the XML Signature Reference processing code of Apache Santuario-C++ (AKA xml-security-c), a C++ language implementation of W3C security standards for XML, evaluated certain XPointer expressions (a fixed-size buffer was previously allocated regardless of the actual XPointer expression length). A remote attacker could provide a specially crafted XPointer expression to an application linked against xml-security-c and performing signature verification that, when processed, would cause that application to crash.
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
This issue affects the versions of the xml-security-c package, as shipped with Fedora releases 17 and 18.
This issue affects the versions of the xml-security-c package, as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Created xml-security-c tracking bugs for this issue
Affects: fedora-all [bug 975304]
Affects: epel-all [bug 975305]
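
The fix class for the flaw described above (a fixed-size buffer filled without regard to the expression length), as an added example; this is not xml-security-c code and is not taken from the upstream patch. The function names, `ID_CAP`, and the choice of the XML Signature `#xpointer(id('ID'))` reference form (single-quoted only) as the input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ID_CAP 32  /* hypothetical buffer size chosen for this example */

/* The flawed pattern copies the ID into a fixed stack buffer until it meets
 * the closing quote, so the input alone decides how many bytes are written.
 * Hardened form: measure the ID first and refuse anything that does not fit.
 * Returns 0 on success, -1 for a malformed reference, -2 for an ID that is
 * too long for the caller's buffer. */
int extract_id(const char *uri, char *out, size_t cap)
{
    static const char prefix[] = "#xpointer(id('";
    static const char suffix[] = "'))";
    const char *start, *end;
    size_t len;

    if (uri == NULL || out == NULL || cap == 0 ||
        strncmp(uri, prefix, sizeof prefix - 1) != 0)
        return -1;
    start = uri + (sizeof prefix - 1);
    end = strchr(start, '\'');
    if (end == NULL || end == start || strcmp(end, suffix) != 0)
        return -1;
    len = (size_t)(end - start);
    if (len >= cap)              /* keep one byte for the terminator */
        return -2;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* Constructed oversized input: a 200-byte ID against a 32-byte buffer. */
int demo_oversized(void)
{
    char id[ID_CAP], big[256] = "#xpointer(id('";
    memset(big + 14, 'A', 200);
    strcpy(big + 214, "'))");
    return extract_id(big, id, sizeof id);
}

int main(void)
{
    char id[ID_CAP];
    printf("%d %d\n", extract_id("#xpointer(id('obj1'))", id, sizeof id),
           demo_oversized());
    return 0;
}
```

Rejecting the oversized reference turns the input into a verification failure instead of a write past the end of the buffer.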