PT-2012-1859 · Processone · Ejabberd

Published: 2012-02-18 · Updated: 2022-05-17 · CVE-2011-4320

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: ejabberd versions 2.1.8 through 3.0.0-alpha-3

Description: The issue allows remote authenticated users to cause a denial of service (an infinite loop) with a stanza whose publish tag lacks a node attribute. The flaw is in the mod_pubsub module.

Recommendations: For ejabberd version 2.1.8, consider disabling the mod_pubsub module until a patch is available. For ejabberd version 3.0.0-alpha-3, restrict access to the mod_pubsub module to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2011-4320
GHSA-2H3Q-V47H-F4RC

Affected Products

Ejabberd