PT-2014-4911 · Erlang Solutions · Mongooseim

Publicado

2014-04-11

·

Atualizado

2022-05-17

·

CVE-2014-2829

CVSS v4.0

8.7

Alta

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Erlang Solutions MongooseIM versions prior to 1.3.1 rev. 2
Description The issue allows remote attackers to cause a denial of service due to improper restriction of the processing of compressed XML elements. This can be achieved via a crafted XMPP stream, also known as an "xmppbomb" attack.
Recommendations For versions prior to 1.3.1 rev. 2, update to a version that properly restricts the processing of compressed XML elements to prevent denial of service attacks.

Exploit

Correção

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-770

Identificadores relacionados

CVE-2014-2829
GHSA-5V5W-44W6-Q5HV

Produtos afetados

Mongooseim