CVE-2024-34580 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-34580 Interim 1 12 2025-07-12T08:16:28Z current 2024-06-29T17:08:16Z 2025-07-12T08:16:28Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-34580 Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 12 SP3-LTSS SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 openSUSE Leap 15.6 libxml-security-c-devel libxml-security-c17 libxml-security-c20 xml-security-c xml-security-c-bin libxml-security-c-devel as a component of SUSE Enterprise Storage 7.1 libxml-security-c20 as a component of SUSE Enterprise Storage 7.1 xml-security-c as a component of SUSE Enterprise Storage 7.1 xml-security-c as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 libxml-security-c-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libxml-security-c17 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS xml-security-c as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libxml-security-c-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libxml-security-c20 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS xml-security-c as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libxml-security-c-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libxml-security-c20 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS xml-security-c as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libxml-security-c-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libxml-security-c20 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS xml-security-c as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libxml-security-c-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libxml-security-c20 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 xml-security-c as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libxml-security-c-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libxml-security-c20 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 xml-security-c as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libxml-security-c17 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS xml-security-c-bin as a component of SUSE Linux Enterprise Server 12 SP2-LTSS xml-security-c as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libxml-security-c17 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xml-security-c-bin as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xml-security-c as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libxml-security-c17 as a component of SUSE Linux Enterprise Server 12 SP5 xml-security-c-bin as a component of SUSE Linux Enterprise Server 12 SP5 xml-security-c as a component of SUSE Linux Enterprise Server 12 SP5 libxml-security-c-devel as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libxml-security-c17 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS xml-security-c as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libxml-security-c-devel as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libxml-security-c17 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS xml-security-c as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libxml-security-c-devel as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libxml-security-c20 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS xml-security-c as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libxml-security-c-devel as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libxml-security-c20 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS xml-security-c as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libxml-security-c-devel as a component of SUSE Linux Enterprise Server 15-LTSS libxml-security-c17 as a component of SUSE Linux Enterprise Server 15-LTSS xml-security-c as a component of SUSE Linux Enterprise Server 15-LTSS xml-security-c as a component of SUSE Linux Enterprise Server Teradata 12 SP3 xml-security-c as a component of SUSE Linux Enterprise Server Teradata 12 SP3-LTSS xml-security-c as a component of SUSE Linux Enterprise Server Teradata 15 SP4 libxml-security-c17 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xml-security-c-bin as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xml-security-c as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xml-security-c as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libxml-security-c-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libxml-security-c17 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 xml-security-c as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 libxml-security-c-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libxml-security-c20 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 xml-security-c as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libxml-security-c-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libxml-security-c20 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 xml-security-c as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libxml-security-c-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 xml-security-c as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libxml-security-c-devel as a component of SUSE Manager Proxy 4.3 libxml-security-c20 as a component of SUSE Manager Proxy 4.3 xml-security-c as a component of SUSE Manager Proxy 4.3 libxml-security-c-devel as a component of SUSE Manager Retail Branch Server 4.3 libxml-security-c20 as a component of SUSE Manager Retail Branch Server 4.3 xml-security-c as a component of SUSE Manager Retail Branch Server 4.3 libxml-security-c-devel as a component of SUSE Manager Server 4.3 libxml-security-c20 as a component of SUSE Manager Server 4.3 xml-security-c as a component of SUSE Manager Server 4.3 libxml-security-c-devel as a component of openSUSE Leap 15.5 libxml-security-c20 as a component of openSUSE Leap 15.5 xml-security-c-bin as a component of openSUSE Leap 15.5 xml-security-c as a component of openSUSE Leap 15.5 libxml-security-c-devel as a component of openSUSE Leap 15.6 libxml-security-c20 as a component of openSUSE Leap 15.6 xml-security-c-bin as a component of openSUSE Leap 15.6 xml-security-c as a component of openSUSE Leap 15.6 Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to configure XML Security for C++ securely. Even when avoiding this particular issue, any use of this library would need considerable additional code and a deep understanding of the standards and protocols involved to arrive at a secure implementation for any particular use case. We recommend against continued direct use of this library. CVE-2024-34580 SUSE Enterprise Storage 7.1:libxml-security-c-devel SUSE Enterprise Storage 7.1:libxml-security-c20 SUSE Enterprise Storage 7.1:xml-security-c SUSE Linux Enterprise High Performance Computing 12 SP5:xml-security-c SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libxml-security-c-devel SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libxml-security-c17 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xml-security-c SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxml-security-c-devel SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libxml-security-c20 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xml-security-c SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libxml-security-c-devel SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libxml-security-c20 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xml-security-c SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libxml-security-c-devel SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libxml-security-c20 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xml-security-c SUSE Linux Enterprise Module for Basesystem 15 SP5:libxml-security-c-devel SUSE Linux Enterprise Module for Basesystem 15 SP5:libxml-security-c20 SUSE Linux Enterprise Module for Basesystem 15 SP5:xml-security-c SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml-security-c-devel SUSE Linux Enterprise Module for Basesystem 15 SP6:libxml-security-c20 SUSE Linux Enterprise Module for Basesystem 15 SP6:xml-security-c SUSE Linux Enterprise Server 12 SP2-LTSS:libxml-security-c17 SUSE Linux Enterprise Server 12 SP2-LTSS:xml-security-c SUSE Linux Enterprise Server 12 SP2-LTSS:xml-security-c-bin SUSE Linux Enterprise Server 12 SP4-LTSS:libxml-security-c17 SUSE Linux Enterprise Server 12 SP4-LTSS:xml-security-c SUSE Linux Enterprise Server 12 SP4-LTSS:xml-security-c-bin SUSE Linux Enterprise Server 12 SP5:libxml-security-c17 SUSE Linux Enterprise Server 12 SP5:xml-security-c SUSE Linux Enterprise Server 12 SP5:xml-security-c-bin SUSE Linux Enterprise Server 15 SP1-LTSS:libxml-security-c-devel SUSE Linux Enterprise Server 15 SP1-LTSS:libxml-security-c17 SUSE Linux Enterprise Server 15 SP1-LTSS:xml-security-c SUSE Linux Enterprise Server 15 SP2-LTSS:libxml-security-c-devel SUSE Linux Enterprise Server 15 SP2-LTSS:libxml-security-c17 SUSE Linux Enterprise Server 15 SP2-LTSS:xml-security-c SUSE Linux Enterprise Server 15 SP3-LTSS:libxml-security-c-devel SUSE Linux Enterprise Server 15 SP3-LTSS:libxml-security-c20 SUSE Linux Enterprise Server 15 SP3-LTSS:xml-security-c SUSE Linux Enterprise Server 15 SP4-LTSS:libxml-security-c-devel SUSE Linux Enterprise Server 15 SP4-LTSS:libxml-security-c20 SUSE Linux Enterprise Server 15 SP4-LTSS:xml-security-c SUSE Linux Enterprise Server 15-LTSS:libxml-security-c-devel SUSE Linux Enterprise Server 15-LTSS:libxml-security-c17 SUSE Linux Enterprise Server 15-LTSS:xml-security-c SUSE Linux Enterprise Server Teradata 12 SP3-LTSS:xml-security-c SUSE Linux Enterprise Server Teradata 12 SP3:xml-security-c SUSE Linux Enterprise Server Teradata 15 SP4:xml-security-c SUSE Linux Enterprise Server for SAP Applications 12 SP4:libxml-security-c17 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xml-security-c SUSE Linux Enterprise Server for SAP Applications 12 SP4:xml-security-c-bin SUSE Linux Enterprise Server for SAP Applications 12 SP5:xml-security-c SUSE Linux Enterprise Server for SAP Applications 15 SP2:libxml-security-c-devel SUSE Linux Enterprise Server for SAP Applications 15 SP2:libxml-security-c17 SUSE Linux Enterprise Server for SAP Applications 15 SP2:xml-security-c SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxml-security-c-devel SUSE Linux Enterprise Server for SAP Applications 15 SP3:libxml-security-c20 SUSE Linux Enterprise Server for SAP Applications 15 SP3:xml-security-c SUSE Linux Enterprise Server for SAP Applications 15 SP4:libxml-security-c-devel SUSE Linux Enterprise Server for SAP Applications 15 SP4:libxml-security-c20 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xml-security-c SUSE Linux Enterprise Software Development Kit 12 SP5:libxml-security-c-devel SUSE Linux Enterprise Software Development Kit 12 SP5:xml-security-c SUSE Manager Proxy 4.3:libxml-security-c-devel SUSE Manager Proxy 4.3:libxml-security-c20 SUSE Manager Proxy 4.3:xml-security-c SUSE Manager Retail Branch Server 4.3:libxml-security-c-devel SUSE Manager Retail Branch Server 4.3:libxml-security-c20 SUSE Manager Retail Branch Server 4.3:xml-security-c SUSE Manager Server 4.3:libxml-security-c-devel SUSE Manager Server 4.3:libxml-security-c20 SUSE Manager Server 4.3:xml-security-c openSUSE Leap 15.5:libxml-security-c-devel openSUSE Leap 15.5:libxml-security-c20 openSUSE Leap 15.5:xml-security-c openSUSE Leap 15.5:xml-security-c-bin openSUSE Leap 15.6:libxml-security-c-devel openSUSE Leap 15.6:libxml-security-c20 openSUSE Leap 15.6:xml-security-c openSUSE Leap 15.6:xml-security-c-bin moderate 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L