A stack-based buffer overflow flaw was found in the way XML Signature Reference processing code of Apache Santuario-C++ (AKA xml-security-c), a C++ language implementation of W3C security standards for XML, performed evaluation of certain XPointer expressions (a fixed-size buffer was previously allocated regardless of the actual XPointer expression length). A remote attacker could provide a specially-crafted XPointer expression to an application linked against xml-security-c and performing signature verification that, when processed, would lead to that application crashing.

Upstream advisory:
[1] http://santuario.apache.org/secadv.data/CVE-2013-2154.txt

Relevant patch:
[2] http://svn.apache.org/viewvc?view=revision&revision=r1493959

Acknowledgements:
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
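The defect class described above (a fixed-size buffer used regardless of the XPointer expression length) is avoided by sizing the destination from the input. The following is an added example, not code from xml-security-c or from the upstream patch; the helper names and the `#xpointer(id('VALUE'))` form handled here (one of the XPointer forms named in the XML Signature specification) are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not xml-security-c code): pull VALUE out of a
 * Reference URI of the form  #xpointer(id('VALUE')).
 * Pattern being avoided: copying VALUE into a fixed-size local array
 * without checking its length. Output is sized from the input. */
char *xptr_id_dup(const char *uri)
{
    static const char prefix[] = "#xpointer(id('";
    static const char suffix[] = "'))";
    const size_t plen = sizeof prefix - 1, slen = sizeof suffix - 1;
    size_t ulen = strlen(uri);

    if (ulen < plen + slen || strncmp(uri, prefix, plen) != 0)
        return NULL;                       /* not this XPointer form */
    if (strcmp(uri + ulen - slen, suffix) != 0)
        return NULL;                       /* unterminated expression */
    size_t idlen = ulen - plen - slen;
    if (idlen == 0 || memchr(uri + plen, '\'', idlen) != NULL)
        return NULL;                       /* empty ID or stray quote */
    char *id = malloc(idlen + 1);          /* sized from actual length */
    if (id == NULL) return NULL;
    memcpy(id, uri + plen, idlen);
    id[idlen] = '\0';
    return id;                             /* caller frees */
}

/* Constructed input: an ID of n 'A' bytes. Returns extracted length. */
size_t long_id_roundtrip(size_t n)
{
    char *uri = malloc(14 + n + 3 + 1);
    if (uri == NULL) return 0;
    memcpy(uri, "#xpointer(id('", 14);
    memset(uri + 14, 'A', n);
    memcpy(uri + 14 + n, "'))", 4);        /* includes the NUL */
    char *id = xptr_id_dup(uri);
    size_t got = id ? strlen(id) : 0;
    free(id);
    free(uri);
    return got;
}

int main(void)
{
    printf("extracted %zu bytes\n", long_id_roundtrip(4096));
    return 0;
}
```

Building the example with AddressSanitizer (`-fsanitize=address`) is a quick way to confirm that no out-of-bounds write occurs for long identifiers.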
This issue affects the versions of the xml-security-c package as shipped with Fedora releases 17 and 18.

This issue affects the versions of the xml-security-c package as shipped with Fedora EPEL-5 and Fedora EPEL-6.
Public via: http://santuario.apache.org/secadv.data/CVE-2013-2154.txt
Created xml-security-c tracking bugs for this issue:

Affects: fedora-all [bug 975304]
Affects: epel-all [bug 975305]