VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 20, 2013· Updated Apr 29, 2026

CVE-2013-2155

CVE-2013-2155

Description

Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.

Affected products

13
  • Apache/Xml Security For C\+\+13 versions
    cpe:2.3:a:apache:xml_security_for_c\+\+:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:apache:xml_security_for_c\+\+:*:*:*:*:*:*:*:*range: <=1.7.0
    • cpe:2.3:a:apache:xml_security_for_c\+\+:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.