aioxmpp · CVE-2019-1000007
Name of the Vulnerable Software and Affected Versions:
aioxmpp versions 0.10.2 and earlier
Description:
The issue is improper handling of structural elements in the stanza parser, specifically during error processing in the `aioxmpp.xso.model.guard` function. The result can be denial of service or, potentially, data injection into a different context: a crafted stanza sent to an application that uses the vulnerable components can force the application to reconnect, potentially leading to data loss. The vulnerability appears to be exploitable remotely.
Recommendations:
For versions 0.10.2 and earlier, update to version 0.10.3 or later to resolve the issue.
As a temporary workaround, consider not using XSO error handlers, or avoiding the error-suppression function, to mitigate the vulnerability.
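As a practical check against the version range above, here is an added example (not code from the advisory or from the aioxmpp project) that classifies a version string against the 0.10.3 fix boundary, treating pre-release and dev builds of 0.10.3 as still affected per PEP 440 ordering, and looks up the installed package through `importlib.metadata` (assumed available, Python 3.8 or later).

```python
"""Affected-version check for CVE-2019-1000007 in aioxmpp (0.10.2 and earlier
affected, 0.10.3 first fixed). Added example, not the project's own code."""
import re
from importlib import metadata

FIRST_FIXED = "0.10.3"

# PEP 440 subset: release segment, optional a/b/rc pre-release, optional
# .postN and optional .devN, which covers how aioxmpp releases are tagged.
_VERSION_RE = re.compile(
    r"^v?(?P<rel>\d+(?:\.\d+)*)"
    r"(?:(?P<pre>a|b|rc)(?P<pre_n>\d+))?"
    r"(?:\.post(?P<post>\d+))?"
    r"(?:\.dev(?P<dev>\d+))?$"
)


def version_key(text):
    """Sort key that follows PEP 440 ordering for this subset:
    X.devN < X.aN < X.bN < X.rcN < X < X.postN, so a pre-release or dev
    build of 0.10.3 still counts as affected (it predates the fix)."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    rel = tuple(int(p) for p in m.group("rel").split("."))
    while len(rel) > 1 and rel[-1] == 0:  # 0.10 == 0.10.0
        rel = rel[:-1]
    pre, post, dev = m.group("pre"), m.group("post"), m.group("dev")
    if pre:
        pre_rank = {"a": 0, "b": 1, "rc": 2}[pre]
    elif dev is not None and post is None:
        pre_rank = -1  # plain X.devN precedes X.aN
    else:
        pre_rank = 3  # final (or post-) release
    return (rel, pre_rank, int(m.group("pre_n") or 0),
            -1 if post is None else int(post),  # X < X.post0
            0 if dev is not None else 1,  # X.aN.devM < X.aN
            int(dev or 0))


def is_affected(version):
    """True when `version` is 0.10.2 or earlier, i.e. below the first fix."""
    return version_key(version) < version_key(FIRST_FIXED)


def installed_aioxmpp_affected():
    """Check the aioxmpp installed in this environment; None if not installed."""
    try:
        return is_affected(metadata.version("aioxmpp"))
    except metadata.PackageNotFoundError:
        return None
```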