We're updating the issue view to help you get more done. 

CVE-2014-2741 Uncontrolled Resource Consumption with XMPP-Layer Compression

Description

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2741

Several XMPP server implementations that support application-layer compression (XEP-0138) suffer from an uncontrolled resource consumption vulnerability (CWE-400). This vulnerability can be remotely exploited by attackers to mount Denial-of-Service attacks by sending highly-compressed XML elements over XMPP streams.

The vulnerability was reported by Giancarlo Pellegrino. This report was written by Giancarlo Pellegrino with assistance from Peter Saint-Andre.

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Daryl Herzmann
April 17, 2014, 8:09 PM
Daryl Herzmann
April 17, 2014, 8:09 PM

Marking as fixed, added this after the commit so to ensure it hits the changelog

Assignee

Guus der Kinderen

Reporter

Daryl Herzmann

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major
Configure