Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Santuario 缓冲区错误漏洞
Vulnerability Description
Apache Santuario是美国阿帕奇(Apache)基金会的一套实现XML的主要安全标准,它包含两个库:Apache XML Security for Java和Apache XML Security for C++。 Apache Santuario 1.7.1及之前版本存在缓冲区错误漏洞。上下文相关的攻击者可借助畸形的XPointer表达式,利用该漏洞造成拒绝服务(崩溃),也可能执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A