VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 20, 2013· Updated Apr 29, 2026

CVE-2013-2154

CVE-2013-2154

Description

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.

Affected products

13
  • Apache/Xml Security For C\+\+13 versions
    cpe:2.3:a:apache:xml_security_for_c\+\+:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:apache:xml_security_for_c\+\+:*:*:*:*:*:*:*:*range: <=1.7.0
    • cpe:2.3:a:apache:xml_security_for_c\+\+:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.