Shibboleth · Shibboleth · CVE-2011-2516
**Name of the Vulnerable Software and Affected Versions**
Apache XML Security for C++ version 1.6.0
Shibboleth versions prior to 2.4.3
**Description**
An off-by-one error in the XML signature feature allows remote attackers to cause a denial of service (crash) via a signature that uses a large RSA key, which triggers a buffer overflow.
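The class of bug described above, as an added C++ illustration that is not code from Apache XML Security for C++ or Shibboleth: a length check that forgets one prefix byte lets a maximum-size value write one byte past a fixed buffer. The buffer size, the one-byte prefix layout and all names are assumptions made for the example; guard bytes stand in for adjacent memory so the overflow is observable without corrupting anything.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed sizes for illustration; not taken from xml-security-c.
const std::size_t CAP = 512;            // logical buffer: room for a 4096-bit value
const std::size_t GUARD = 8;            // stands in for whatever follows the buffer
const unsigned char GUARD_BYTE = 0xA5;

struct Slot { unsigned char mem[CAP + GUARD]; };  // first CAP bytes are "the buffer"

void slot_init(Slot &s) {
    std::memset(s.mem, 0, CAP);
    std::memset(s.mem + CAP, GUARD_BYTE, GUARD);
}

// True if a write went past the logical buffer and changed a guard byte.
bool slot_overflowed(const Slot &s) {
    for (std::size_t i = 0; i < GUARD; ++i)
        if (s.mem[CAP + i] != GUARD_BYTE) return true;
    return false;
}

// Flawed: bounds the value length but forgets the 0x00 prefix byte,
// so len == CAP is accepted and CAP + 1 bytes are written.
bool store_flawed(Slot &s, const unsigned char *val, std::size_t len) {
    if (len > CAP) return false;
    s.mem[0] = 0x00;
    std::memcpy(s.mem + 1, val, len);
    return true;
}

// Hardened: prefix plus value must fit, so the largest accepted len is CAP - 1.
bool store_checked(Slot &s, const unsigned char *val, std::size_t len) {
    if (len >= CAP) return false;
    s.mem[0] = 0x00;
    std::memcpy(s.mem + 1, val, len);
    return true;
}

int main() {
    unsigned char value[CAP];
    std::memset(value, 0xFF, sizeof value);   // constructed maximum-size input
    Slot s;
    slot_init(s);
    bool ok = store_flawed(s, value, CAP);
    std::printf("flawed:  accepted=%d overflowed=%d\n", ok, slot_overflowed(s));
    slot_init(s);
    ok = store_checked(s, value, CAP);
    std::printf("checked: accepted=%d overflowed=%d\n", ok, slot_overflowed(s));
    return 0;
}
```

Only the boundary length separates the two routines: every shorter input behaves identically, which is why a bug like this surfaces only with an unusually large key.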
**Recommendations**
For Apache XML Security for C++ version 1.6.0, update to a version that fixes the off-by-one error in the XML signature feature.
For Shibboleth versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue.