FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
279e5f4b-d823-11e2-928e-08002798f6ff | apache-xml-security-c -- heap overflow

The Apache Software Foundation reports:

A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. If verification of the signature occurs prior to actual evaluation of a signing key, this could be exploited by an unauthenticated attacker.


Discovery 2013-06-18
Entry 2013-06-18
apache-xml-security-c < 1.7.1

CVE-2013-2156
http://santuario.apache.org/secadv.data/CVE-2013-2156.txt
81da673e-dfe1-11e2-9389-08002798f6ff | apache-xml-security-c -- heap overflow during XPointer evaluation

The Apache Software Foundation reports:

The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code.


Discovery 2013-06-27
Entry 2013-06-28
apache-xml-security-c < 1.7.2

CVE-2013-2210
http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
5786185a-9a43-11e8-b34b-6cc21735f730 | xml-security-c -- crashes on malformed KeyInfo content

The Shibboleth project reports:

SAML messages, assertions, and metadata all commonly make use of the XML Signature KeyInfo construct, which expresses information about keys and certificates used in signing or encrypting XML.

The Apache Santuario XML Security for C++ library contained code paths at risk of dereferencing null pointers when processing various kinds of malformed KeyInfo hints typically found in signed or encrypted XML. The usual effect is a crash, and in the case of the Shibboleth SP software, a crash in the shibd daemon, which prevents access to protected resources until the daemon is restarted.


Discovery 2018-08-03
Entry 2018-08-07
apache-xml-security-c < 2.0.1

https://shibboleth.net/community/advisories/secadv_20180803.txt