Bug 971443 - (CVE-2013-2154) CVE-2013-2154 xml-security-c: Stack-based buffer overflow when evaluating certain XPointer expressions
CVE-2013-2154 xml-security-c: Stack-based buffer overflow when evaluating cer...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 975304 975305
Blocks: 971467
  Show dependency treegraph
Reported: 2013-06-06 10:18 EDT by Jan Lieskovsky
Modified: 2016-03-04 06:26 EST (History)
1 user (show)

See Also:
Fixed In Version: xml-security-c-1.7.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-08-22 11:49:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2013-06-06 10:18:22 EDT
A stack-based buffer overflow flaw was found in the way XML Signature Reference processing code of Apache Santuario-C++ (AKA xml-security-c), a C++ language implementation of W3C security standards for XML, performed evaluation of certain XPointer expressions (a fixed size buffer was previously allocated regardless of the actual XPointer expression length). A remote attacker could provide a specially-crafted XPointer expression to the application linked against xml-security-c performing signature verification that, when processed would lead to that application crash.

Upstream advisory:
[1] http://santuario.apache.org/secadv.data/CVE-2013-2154.txt

Relevant patch:
[2] http://svn.apache.org/viewvc?view=revision&revision=r1493959


Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting of this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
Comment 2 Jan Lieskovsky 2013-06-06 10:20:52 EDT
This issue affects the versions of the xml-security-c package, as shipped with Fedora release of 17 and 18.


This issue affects the versions of the xml-security-c package, as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Comment 3 Huzaifa S. Sidhpurwala 2013-06-18 00:17:49 EDT
Public via:

Comment 4 Huzaifa S. Sidhpurwala 2013-06-18 00:22:46 EDT
Created xml-security-c tracking bugs for this issue

Affects: fedora-all [bug 975304]
Affects: epel-all [bug 975305]

Note You need to log in before you can comment on or make changes to this bug.