CVE-2013-2210: Buffer Overflow
First published: Tue Aug 20 2013(Updated: )
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache XML Security for C++ | <=1.7.1 | |
| Apache XML Security for C++ | =0.1.0 | |
| Apache XML Security for C++ | =0.2.0 | |
| Apache XML Security for C++ | =1.1.0 | |
| Apache XML Security for C++ | =1.2.0 | |
| Apache XML Security for C++ | =1.2.1 | |
| Apache XML Security for C++ | =1.3.0 | |
| Apache XML Security for C++ | =1.3.1 | |
| Apache XML Security for C++ | =1.4.0 | |
| Apache XML Security for C++ | =1.5.0 | |
| Apache XML Security for C++ | =1.5.1 | |
| Apache XML Security for C++ | =1.6.0 | |
| Apache XML Security for C++ | =1.6.1 | |
| Apache XML Security for C++ | =1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0216.html
- http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
- http://www.debian.org/security/2013/dsa-2717
- https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
- https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
- https://www.tenable.com/security/tns-2018-15
Frequently Asked Questions
What is the severity of CVE-2013-2210?
CVE-2013-2210 is considered to have moderate severity due to its potential impact on denial of service and arbitrary code execution.
How do I fix CVE-2013-2210?
To fix CVE-2013-2210, upgrade to Apache Santuario XML Security for C++ version 1.7.2 or later.
What systems are affected by CVE-2013-2210?
CVE-2013-2210 affects Apache Santuario XML Security for C++ versions prior to 1.7.2.
Can CVE-2013-2210 lead to data breaches?
While CVE-2013-2210 primarily leads to denial of service, it may also create an opportunity for attackers to execute arbitrary code, potentially leading to data breaches.
What exploit methods are associated with CVE-2013-2210?
CVE-2013-2210 can be exploited by attackers using malformed XPointer expressions.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache xml security for c++
- version/apache xml security for c++/1.7.1
- version/apache xml security for c++/0.1.0
- version/apache xml security for c++/0.2.0
- version/apache xml security for c++/1.1.0
- version/apache xml security for c++/1.2.0
- version/apache xml security for c++/1.2.1
- version/apache xml security for c++/1.3.0
- version/apache xml security for c++/1.3.1
- version/apache xml security for c++/1.4.0
- version/apache xml security for c++/1.5.0
- version/apache xml security for c++/1.5.1
- version/apache xml security for c++/1.6.0
- version/apache xml security for c++/1.6.1
- version/apache xml security for c++/1.7.0