Red Hat Bugzilla – Bug 971455
CVE-2013-2156 xml-security-c: Heap-based buffer overflow when processing certain PrefixList attribute values in the Exclusive Canonicalization mode
Last modified: 2016-03-04 06:06:25 EST
A heap-based buffer overflow flaw was found in the way the Exclusive Canonicalization PrefixList attribute content processing functionality of Apache Santuario-C++ (AKA xml-security-c), a C++ language implementation of W3C security standards for XML, used to manage internal buffers in certain circumstances. A remote attacker could provide an XML file with a specially crafted value of the PrefixList attribute to an application linked against xml-security-c performing Exclusive Canonicalization-based XML verification that, when processed, would lead to that application crashing or, potentially, arbitrary code execution with the privileges of the user running the application.
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
This issue affects the versions of the xml-security-c package as shipped with Fedora releases 17 and 18.
This issue affects the versions of the xml-security-c package as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Created xml-security-c tracking bugs for this issue
Affects: fedora-all [bug 975304]
Affects: epel-all [bug 975305]