Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth prior to 2.4.3 and possibly other products, allows remote malicious users to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| Vulnerable Product |
|---|
| apache xml security for c++ 1.6.0 |
| shibboleth shibboleth-sp 1.3.2 |
| shibboleth shibboleth-sp 1.3.3 |
| shibboleth shibboleth-sp |
| shibboleth shibboleth-sp 2.4.1 |
| shibboleth shibboleth-sp 1.3.4 |
| shibboleth shibboleth-sp 2.2 |
| shibboleth shibboleth-sp 2.1 |
| shibboleth shibboleth-sp 1.3f |
| shibboleth shibboleth-sp 2.0 |
| shibboleth shibboleth-sp 2.4 |
| shibboleth shibboleth-sp 2.2.1 |
| shibboleth shibboleth-sp 2.3.1 |
| shibboleth shibboleth-sp 2.3 |
| shibboleth shibboleth-sp 1.3.1 |
| shibboleth shibboleth-sp 1.3.5 |