VIR Vulnerability Intelligence Relay

CVE-2013-2156

high
Published 2013-08-20 · Modified 2026-04-29
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-2156

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1493961

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1.6.1-6
debian debianbullseyefixed1.6.1-6
debian debianforkyfixed1.6.1-6
debian debiansidfixed1.6.1-6
debian debiantrixiefixed1.6.1-6

Application impact
VendorProductVersionsFixed
apache apachexml_security_for_c\+\+{"endIncluding":"1.7.0"}
apache apachexml_security_for_c\+\+0.1.0
apache apachexml_security_for_c\+\+0.2.0
apache apachexml_security_for_c\+\+1.1.0
apache apachexml_security_for_c\+\+1.2.0
apache apachexml_security_for_c\+\+1.2.1
apache apachexml_security_for_c\+\+1.3.0
apache apachexml_security_for_c\+\+1.3.1
apache apachexml_security_for_c\+\+1.4.0
apache apachexml_security_for_c\+\+1.5.0
apache apachexml_security_for_c\+\+1.5.1
apache apachexml_security_for_c\+\+1.6.0
apache apachexml_security_for_c\+\+1.6.1

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.