Launchpad CVE tracker

CVE 2013-2156

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.

Related bugs and status

CVE-2013-2156 (Candidate) is related to these bugs:

Bug #1192874: heap overflow while processing InclusiveNamespace PrefixList

		In	Importance	Status
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Precise)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Quantal)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Raring)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Saucy)	Undecided	Fix Released

Bug #1199969: Fix for CVE-2013-2154 introduced another possible heap overflow

		In	Importance	Status
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu)	High	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Precise)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Quantal)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Raring)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Saucy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2156

References