CVE-2013-2210
xml-security-c - heap overflow
EPSS 1.6%
Description
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.
How to fix CVE-2013-2210
To remediate CVE-2013-2210, upgrade the affected package to a fixed version below.
- Debian/xml-security-c—upgrade to 1.6.1-7 or later
- Debian/xml-security-c—upgrade to 1.5.1-3+squeeze3 or later
Is CVE-2013-2210 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.6.1-7
- from 0, < 1.5.1-3+squeeze3