CVE-2013-2156

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.

Published: Aug 20, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-2156
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apache / xml_security_for_c++	1.6.0	1.6.0.x
apache / xml_security_for_c++	1.1.0	1.1.0.x
apache / xml_security_for_c++	1.6.1	1.6.1.x
apache / xml_security_for_c++	1.2.1	1.2.1.x
apache / xml_security_for_c++	1.5.1	1.5.1.x
apache / xml_security_for_c++	1.5.0	1.5.0.x
apache / xml_security_for_c++	0.2.0	0.2.0.x
apache / xml_security_for_c++	1.3.0	1.3.0.x
apache / xml_security_for_c++	-	1.7.0.x
apache / xml_security_for_c++	1.4.0	1.4.0.x
apache / xml_security_for_c++	1.3.1	1.3.1.x
apache / xml_security_for_c++	1.2.0	1.2.0.x
apache / xml_security_for_c++	0.1.0	0.1.0.x

Vulnerability Database

317,828

CVE-2013-2156

Deep Security Visibility Without the Complexity