ubuntu · CVE-2011-2516

Quick triage

Priority: medium Published: 2011-07-11 20:55:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2011-2516 medium priority: Ubuntu including 2 source packages (shibboleth-sp2, xml-security-c), 36 status rows across 18 suites (artful, hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 16, ignored 13, released 4, DNE 3.

Description:

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

cvelogic Threat Intelligence