CVE-2015-0851

Published: 12/08/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

XMLTooling-C prior to 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote malicious users to cause a denial of service (crash) via schema-invalid XML data.

Vulnerable Product

xmltooling project xmltooling

Vendor Advisories

Debian Bug report logs - #793855 DoS, Shibboleth SP software crashes on well-formed but invalid XML (CVE-2015-0851) Package: src:xmltooling; Maintainer for src:xmltooling is Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>; Reported by: Luca Bruno <lucab@debian.org> Date: Tue, 28 Jul 2015 07:54:13 UTC ...
The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service (crash) via crafted XML data. For the oldstable distribution (wheezy), this problem has been fixed in versio ...
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data ...