Описание
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2.5.2+dfsg-2 |
| devel | not-affected | 2.5.2+dfsg-2 |
| esm-apps/xenial | not-affected | 2.5.2+dfsg-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.5.2+dfsg-2]] |
| hardy | DNE | |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.6.1-1 |
| devel | not-affected | 1.6.1-1 |
| esm-apps/xenial | not-affected | 1.6.1-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1.6.1-1]] |
| hardy | ignored | end of life |
| lucid | released | 1.5.1-3+squeeze1build0.10.04.1 |
| maverick | released | 1.5.1-3+squeeze1build0.10.10.1 |
| natty | released | 1.5.1-3+squeeze1build0.11.04.1 |
| oneiric | not-affected | 1.6.1-1 |
| precise | not-affected | 1.6.1-1 |
Показывать по
5 Medium
CVSS2
Связанные уязвимости
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
Off-by-one error in the XML signature feature in Apache XML Security f ...
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
5 Medium
CVSS2