Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yaDNxLXY0N2gtZjRyY84AAfwe
Ejabberd DoS via malformed stanza
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yaDNxLXY0N2gtZjRyY84AAfwe
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
Identifiers: GHSA-2h3q-v47h-f4rc, CVE-2011-4320
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4320
- https://support.process-one.net/browse/EJAB-1498
- http://www.openwall.com/lists/oss-security/2011/11/19/1
- http://www.openwall.com/lists/oss-security/2011/11/19/2
- http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9
- https://github.com/processone/ejabberd/commit/d3c4eab46f3cd54f7686cfed740d9c130b6801cf
- https://github.com/processone/ejabberd/commit/d5b4d6785879f0a5192c26f5b5e218aec8104798
- https://github.com/advisories/GHSA-2h3q-v47h-f4rc
Blast Radius: 0.0
Affected Packages
hex:ejabberd
Dependent packages: 0Dependent repositories: 9
Downloads: 31,607 total
Affected Version Ranges: >= 3.0.0-alpha-1, <= 3.0.0-alpha-3, <= 2.1.8
Fixed in: 3.0.0-alpha-4, 2.1.9
All affected versions:
All unaffected versions: 16.2.0, 16.3.0, 16.4.0, 16.4.1, 16.6.0, 16.6.1, 16.6.2, 16.8.0, 16.9.0, 17.1.0, 17.3.0, 17.6.0, 17.9.0, 17.11.0, 18.1.0, 18.3.0, 18.4.0, 18.6.0, 18.12.0, 18.12.1, 19.2.0, 19.5.0, 19.8.0, 19.9.0, 19.9.1, 20.1.0, 20.2.0, 20.3.0, 20.4.0, 20.7.0, 20.12.0, 21.1.0, 21.4.0, 21.7.0, 21.12.0, 22.5.0, 22.10.0, 23.1.0, 23.4.0, 23.10.0, 24.2.6