Launchpad CVE tracker

CVE 2011-2516

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

Related bugs and status

CVE-2011-2516 (Candidate) is related to these bugs:

Bug #807414: Buffer overflow bugs CVE-2011-2516

		In	Importance	Status
807414	Buffer overflow bugs CVE-2011-2516	xml-security-c (Ubuntu)	Undecided	Fix Released
807414	Buffer overflow bugs CVE-2011-2516	xml-security-c (Debian)	Unknown	Fix Released
807414	Buffer overflow bugs CVE-2011-2516	xml-security-c (Ubuntu Maverick)	Undecided	Fix Released
807414	Buffer overflow bugs CVE-2011-2516	xml-security-c (Ubuntu Natty)	Undecided	Fix Released
807414	Buffer overflow bugs CVE-2011-2516	xml-security-c (Ubuntu Oneiric)	Undecided	Fix Released
807414	Buffer overflow bugs CVE-2011-2516	xml-security-c (Ubuntu Lucid)	Undecided	Fix Released

Bug #807416: Security bug in xml-security-c may require rebuilding of this package

Summary				In	Importance	Status
	807416	Security bug in xml-security-c may require rebuilding of this package		shibboleth-sp2 (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-2516

References