V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability

June 28, 2013 - 6:00am

PROBLEM:

A vulnerability has been reported in Apache XML Security.

PLATFORM:

The vulnerability is reported in versions prior to 1.7.2.

ABSTRACT:

The vulnerability involves a possible heap overflow condition.

REFERENCE LINKS:

Secunia Advisory SA53959
Apache Advisory
CVE-2013-2210

IMPACT ASSESSMENT:

High

DISCUSSION:

The vulnerability is caused by an error within the XML Signature Reference processing code and can be exploited to cause a heap-based buffer overflow via a specially crafted document containing malformed XPointer expressions.
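
A pre-validation check for the Reference URIs described above, as an added example that is not part of the advisory or of the Apache project's code. It assumes a gateway that inspects signed documents before they reach the signature library, and it accepts only the two XPointer forms named in the W3C XML Signature recommendation (`#xpointer(/)` and `#xpointer(id('ID'))`); the function names and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# The only XPointer forms accepted here (assumption: taken from the XML-DSig
# recommendation, not from the advisory): whole document, or a quoted id lookup.
_XPOINTER_ROOT = re.compile(r"^#xpointer\(/\)$")
_XPOINTER_ID = re.compile(r"""^#xpointer\(id\((['"])[A-Za-z_][\w.\-]{0,255}\1\)\)$""")

# Constructed sample: three acceptable References, two that should be refused.
SAMPLE = """<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#xpointer(/)"/>
    <ds:Reference URI="#xpointer(id('payload'))"/>
    <ds:Reference URI="#payload"/>
    <ds:Reference URI="#xpointer(/Order/Item)"/>
    <ds:Reference URI="#xpointer(id('payload')"/>
  </ds:SignedInfo></ds:Signature>
</Envelope>"""

def classify_reference_uri(uri):
    """Return 'ok' or 'reject' for one ds:Reference URI value."""
    if not uri:
        return "ok"  # absent or empty URI: no fragment to evaluate
    frag = uri[uri.find("#"):] if "#" in uri else ""
    if "xpointer" not in frag.lower():
        return "ok"  # bare-name fragment or plain external URI
    if _XPOINTER_ROOT.match(frag) or _XPOINTER_ID.match(frag):
        return "ok"
    return "reject"  # any other XPointer expression, including malformed ones

def audit_signed_document(xml_text):
    """List (uri, verdict) for every ds:Reference in the document."""
    results = []
    for ref in ET.fromstring(xml_text).iter("{%s}Reference" % DSIG_NS):
        uri = ref.get("URI")
        results.append((uri, classify_reference_uri(uri)))
    return results

if __name__ == "__main__":
    for uri, verdict in audit_signed_document(SAMPLE):
        print(f"{verdict:6} {uri}")
```

Documents with any `reject` verdict can be dropped or logged before signature verification; the check complements the update to a fixed version.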

IMPACT:

Successful exploitation may allow execution of arbitrary code.

SOLUTION:

The vendor recommends updating to the current version.
