Bug 978988 - (CVE-2013-2210) CVE-2013-2210 xml-security-c: Heap-buffer overflow during XPointer evaluation
CVE-2013-2210 xml-security-c: Heap-buffer overflow during XPointer evaluation
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130626,repor...
: Security
Depends On: 978990 978991
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-27 08:40 EDT by Jan Lieskovsky
Modified: 2016-03-04 06:50 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2013-06-27 08:40:40 EDT
A heap-based buffer overflow flaw was found in the way xml-security-c, a C++ implementation of the XML Digital Signature specification, used to evaluate certain XPointer expressions. The fix to address CVE-2013-2154 flaw introduced a possibility of a heap-based buffer overflow, in the processing of malformed XPointer expression in the XML Signature References processing code. A remote attacker could provide a specially-crafted XML file to an application linked against xml-security-c that, when processed would lead to that application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

References:
[1] http://santuario.apache.org/secadv.data/CVE-2013-2210.txt

Relevant upstream patch:
[2] http://svn.apache.org/viewvc?view=revision&revision=r1496703
Comment 1 Jan Lieskovsky 2013-06-27 08:46:32 EDT
Created xml-security-c tracking bugs for this issue:

Affects: fedora-all [bug 978990]
Affects: epel-all [bug 978991]

Note You need to log in before you can comment on or make changes to this bug.