FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache-xml-security-c -- heap overflow

Affected packages
apache-xml-security-c < 1.7.1

Details

VuXML ID 279e5f4b-d823-11e2-928e-08002798f6ff
Discovery 2013-06-18
Entry 2013-06-18

The Apache Software Foundation reports:

A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. If verification of the signature occurs prior to actual evaluation of a signing key, this could be exploited by an unauthenticated attacker.

References

CVE Name CVE-2013-2156
URL http://santuario.apache.org/secadv.data/CVE-2013-2156.txt