PT-2019-11261 · Aioxmpp · Aioxmpp

Horazont · Published 2019-02-04 · Updated 2021-07-21 · CVE-2019-1000007

CVSS v4.0: 8.3 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: aioxmpp versions 0.10.2 and earlier
Description: The issue is related to improper handling of structural elements in the Stanza Parser, specifically during error processing in the aioxmpp.xso.model.guard function. This can result in Denial of Service or potentially allow data injection in a different context. A crafted stanza sent to an application using the vulnerable components can cause the application to reconnect, potentially leading to data loss. The vulnerability appears to be exploitable remotely.
Recommendations: For versions 0.10.2 and earlier, update to version 0.10.3 or later to resolve the issue. As a temporary workaround, consider not using xso error handlers or avoiding the use of the error suppression function to mitigate the vulnerability.
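As an added illustration of the failure class named in the description (error handling that loses track of element structure and desynchronises the stanza parser), the toy event parser below pairs a guard that stops at the first end tag with one that tracks nesting depth. This is constructed example code, not aioxmpp's implementation; the SAX-style event tuples, the element names and the sample stream are all made up for the demonstration.

```python
def skip_naive(events):
    """Buggy guard: stops at the first end tag, even one of a nested child."""
    for kind, _tag in events:
        if kind == "end":
            return

def skip_depth(events):
    """Fixed guard: track nesting; stop at the rejected element's own end tag."""
    depth = 1  # the rejected element's start event was already consumed
    for kind, _tag in events:
        depth += 1 if kind == "start" else -1
        if depth == 0:
            return

def parse_stanza(events, skip):
    """Consume one stanza after its start tag. A direct child named 'bad' is
    rejected; the guard must stop exactly at that child's end tag."""
    depth = 1
    for kind, tag in events:
        if kind == "start":
            depth += 1
            if depth == 2 and tag == "bad":  # rejected direct child
                skip(events)
                depth -= 1  # the guard is trusted to have consumed the child
        else:
            depth -= 1
            if depth == 0:
                return

def parse_stream(events, skip):
    """Return (delivered stanza tags, tag whose end event closed the stream)."""
    it = iter(events)
    next(it)  # <stream:stream>
    delivered = []
    for kind, tag in it:
        if kind == "end":  # only </stream:stream> should ever be seen here
            return delivered, tag
        parse_stanza(it, skip)
        delivered.append(tag)
    return delivered, "<truncated>"

# Constructed SAX-style start/end events: a message whose rejected child nests
# another element, then a well-formed message that must still be delivered.
STREAM = [
    ("start", "stream:stream"),
    ("start", "message"), ("start", "bad"), ("start", "nested"),
    ("end", "nested"), ("end", "bad"), ("end", "message"),
    ("start", "message"), ("start", "body"), ("end", "body"), ("end", "message"),
    ("end", "stream:stream"),
]
```

With the naive guard the leftover `</bad>` is read as the end of the stanza and the real `</message>` as the end of the stream, so the second message is never delivered; the depth-tracking guard keeps both parsers in sync.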

Related Identifiers

CVE-2019-1000007
GHSA-32F7-CMR3-VPJV
GHSA-6M9G-JR8C-CQW3
PYSEC-2019-1

Affected Products

Aioxmpp