CVE-2013-2210
Published Aug 20, 2013
Last updated a year ago
Overview
- Description
- Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "113A1DF8-A7DC-4349-B2B2-0ED1D704C2AB",
"versionEndIncluding": "1.7.1"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFD5684C-5B70-4CD3-89E7-0F3097958AAA"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED43C71F-52EF-4689-B318-58F61A851BA3"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEDB2652-EAAB-43B6-B696-3F959BA8FF44"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D49CBC6A-9D55-4DD0-B8DE-EA180ECDC65E"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9261A27B-0AAE-4E04-B86A-6580A5AF2338"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52CA39D1-4388-4D32-9731-A77A398AC7CF"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "121C098C-89AF-4BC2-976B-A4D6A67834DD"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C786580-77FE-4E7E-AA2E-39B976CD8C01"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BAC98AB-3D00-43C3-9DF1-39857DFD3A2A"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84C316AD-4D17-4286-9A63-300D04CD276B"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D0DC1ED-A147-44FA-9A4D-364B98921C35"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B2CEC20-1F70-4D95-8972-3163720BCC20"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE20197C-8A9D-4EB7-AB32-D4E4B6A97B42"
}
],
"operator": "OR"
}
]
}
]