VIR Vulnerability Intelligence Relay

CVE-2013-2154

high
Published 2013-08-20 · Modified 2026-04-29
CVSS v3
VIR risk
7.5

Description

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1.6.1-6
debian debianbullseyefixed1.6.1-6
debian debianforkyfixed1.6.1-6
debian debiansidfixed1.6.1-6
debian debiantrixiefixed1.6.1-6

Application impact
VendorProductVersionsFixed
apache apachexml_security_for_c\+\+{"endIncluding":"1.7.0"}
apache apachexml_security_for_c\+\+0.1.0
apache apachexml_security_for_c\+\+0.2.0
apache apachexml_security_for_c\+\+1.1.0
apache apachexml_security_for_c\+\+1.2.0
apache apachexml_security_for_c\+\+1.2.1
apache apachexml_security_for_c\+\+1.3.0
apache apachexml_security_for_c\+\+1.3.1
apache apachexml_security_for_c\+\+1.4.0
apache apachexml_security_for_c\+\+1.5.0
apache apachexml_security_for_c\+\+1.5.1
apache apachexml_security_for_c\+\+1.6.0
apache apachexml_security_for_c\+\+1.6.1

References

CWEs

CWE-119

💬 Discuss CVE-2013-2154 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.