VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 20, 2013· Updated Apr 29, 2026

CVE-2013-2210

CVE-2013-2210

Description

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.

Affected products

14
  • Apache/Xml Security For C\+\+14 versions
    cpe:2.3:a:apache:xml_security_for_c\+\+:*:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:apache:xml_security_for_c\+\+:*:*:*:*:*:*:*:*range: <=1.7.1
    • cpe:2.3:a:apache:xml_security_for_c\+\+:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xml_security_for_c\+\+:1.7.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.