MidnightBSD

Advisories for xmltooling_project

CVE-2015-0851 MEDIUM

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
xmltooling_project xmltooling *
CVE-2019-9628 MEDIUM

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
opensuse leap 42.3
canonical ubuntu_linux 18.10
canonical ubuntu_linux 16.04
xmltooling_project xmltooling *
canonical ubuntu_linux 18.04
opensuse leap 15.0