VYPR
Unrated severityNVD Advisory· Published Jul 11, 2011· Updated Jun 16, 2026

CVE-2011-2516

CVE-2011-2516

Description

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.0:*:*:*:*:*:*:*
    • (no CPE)range: =1.6.0
  • cpe:2.3:a:shibboleth:shibboleth-sp:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:shibboleth:shibboleth-sp:*:*:*:*:*:*:*:*range: <=2.4.2
    • cpe:2.3:a:shibboleth:shibboleth-sp:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:1.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:1.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:1.3f:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:shibboleth:shibboleth-sp:2.4.1:*:*:*:*:*:*:*
  • Range: <2.4.3

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.