Bug 971455 - (CVE-2013-2156) CVE-2013-2156 xml-security-c: Heap-based buffer overflow when processing certain PrefixList attribute values in the Exclusive Canonicalization mode
CVE-2013-2156 xml-security-c: Heap-based buffer overflow when processing cert...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 975304 975305
Blocks: 971467
  Show dependency treegraph
Reported: 2013-06-06 10:53 EDT by Jan Lieskovsky
Modified: 2016-03-04 06:06 EST (History)
1 user (show)

See Also:
Fixed In Version: xml-security-c-1.7.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2013-06-06 10:53:46 EDT
A heap-based buffer overflow flaw was found in the way Exclusive Canonicalization PrefixList attribute content processing functionality of Apache Santuario-C++ (AKA xml-security-c), a C++ language implementation of W3C security standards for XML, used to manage internal buffers in certain circumstances. A remote attacker could provide a XML file with specially-crafted value of the PrefixList attribute to an application linked against xml-security-c performing Exclusive Canonicalization-based XML verification that, when processed would lead to that application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

Upstream advisory:
[1] http://santuario.apache.org/secadv.data/CVE-2013-2156.txt

Relevant patch:
[2] http://svn.apache.org/viewvc?view=revision&revision=1493961


Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting of this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
Comment 2 Jan Lieskovsky 2013-06-06 10:56:45 EDT
This issue affects the versions of the xml-security-c package, as shipped with Fedora release of 17 and 18.


This issue affects the versions of the xml-security-c package, as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Comment 3 Huzaifa S. Sidhpurwala 2013-06-18 00:19:47 EDT
Public via:

Comment 4 Huzaifa S. Sidhpurwala 2013-06-18 00:24:56 EDT
Created xml-security-c tracking bugs for this issue

Affects: fedora-all [bug 975304]
Affects: epel-all [bug 975305]

Note You need to log in before you can comment on or make changes to this bug.