CVE-2011-2516
xml-security-c - buffer overflow
EPSS 7.3%
Description
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
How to fix CVE-2011-2516
To remediate CVE-2011-2516, upgrade the affected package to a fixed version below.
- Debian/xml-security-c—upgrade to 1.6.1-1 or later
- Debian/xml-security-c—upgrade to 1.4.0-3+lenny3 or later
Is CVE-2011-2516 being exploited?
Moderate — EPSS is 7.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.6.1-1
- from 0, < 1.4.0-3+lenny3