exploitDog

GHSA-5v5w-44w6-q5hv

Опубликовано: 17 мая 2022

Источник: github

Github: Прошло ревью

CVSS4: 8.7

Описание

Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream

Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.

Ссылки

Пакеты

Наименование

MongooseIM

Затронутые версииВерсия исправления

<= 1.3.1

1.3.2

EPSS

Процентиль: 65%

0.005

Низкий

8.7 High

CVSS4

CVE ID

Дефекты

CWE-770

Связанные уязвимости

CVE-2014-2829

nvd

почти 12 лет назад

Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.

EPSS

Процентиль: 65%

0.005

Низкий

8.7 High

CVSS4

CVE ID

Дефекты

CWE-770