CVE-2014-2741 Uncontrolled Resource Consumption with XMPP-Layer Compression

Description

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2741

Several XMPP server implementations that support application-layer compression (XEP-0138) suffer from an uncontrolled resource consumption vulnerability (CWE-400). This vulnerability can be remotely exploited by attackers to mount Denial-of-Service attacks by sending highly-compressed XML elements over XMPP streams.

The vulnerability was reported by Giancarlo Pellegrino. This report was written by Giancarlo Pellegrino with assistance from Peter Saint-Andre.
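The defence against this class of bug is to cap how far any compressed read is allowed to expand before the XML parser sees it. The following is an added example, not Openfire's code or the fix referenced in this ticket; the class name, the 64 KiB cap and the sample stanzas are assumptions, and it uses zlib, the method XEP-0138 requires implementations to support.

```python
import zlib


class InflateLimitExceeded(Exception):
    """One compressed read expanded past the configured output cap."""


class BoundedInflater:
    """zlib inflater for one stream with a hard cap on output per read."""

    def __init__(self, max_out_per_read=64 * 1024):  # cap is an assumed value
        self._z = zlib.decompressobj()
        self.max_out = max_out_per_read
        self.bytes_in = 0
        self.bytes_out = 0

    def feed(self, compressed):
        # Request one byte more than allowed: receiving it proves the cap was
        # hit, and zlib never produces more than that, whatever input remains.
        out = self._z.decompress(compressed, self.max_out + 1)
        self.bytes_in += len(compressed) - len(self._z.unconsumed_tail)
        self.bytes_out += len(out)
        if len(out) > self.max_out:
            raise InflateLimitExceeded(
                "%d compressed bytes expanded past %d bytes; close the stream"
                % (len(compressed), self.max_out))
        return out


def demo():
    """Constructed traffic: an ordinary stanza, then a highly compressed one."""
    sender = zlib.compressobj()

    def wire(xml):
        # Compress and sync-flush so the receiver can decode everything sent.
        return sender.compress(xml) + sender.flush(zlib.Z_SYNC_FLUSH)

    normal = b"<message to='a@example.org'><body>hello</body></message>"
    padded = b"<message><body>" + b" " * (1024 * 1024) + b"</body></message>"
    rx = BoundedInflater()
    results = [rx.feed(wire(normal)) == normal]
    big = wire(padded)
    try:
        rx.feed(big)
        results.append(True)
    except InflateLimitExceeded:
        results.append(False)  # rejected after at most cap + 1 bytes of output
    return results, len(big), rx.bytes_out
```

The `bytes_in` and `bytes_out` counters give a per-stream expansion figure that can be logged when a stream is closed for exceeding the cap.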

Environment

None

Activity

Daryl Herzmann
April 17, 2014, 8:09 PM

Marking as fixed; added this after the commit so as to ensure it hits the changelog.

Fixed

Assignee

Guus der Kinderen

Reporter

Daryl Herzmann