XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.

Metric | Value |
---|---|
Vector | NETWORK |
Complexity | LOW |
Authentication | NONE |
Confidentiality | NONE |
Integrity | NONE |
Availability | PARTIAL |

Link | Advisory | Patch | Confirmed |
---|---|---|---|
76134 | | | |
https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=... | | | |
DSA-3321 | | | |
http://shibboleth.net/community/advisories/secadv_201507... | | | |