expat_erl.c in ejabberd prior to 2.1.7 and 3.x prior to 3.0.0-alpha-3, and exmpp prior to 0.9.7, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
process-one ejabberd 2.0.5 |
||
process-one ejabberd 2.0.4 |
||
process-one ejabberd 1.1.1.1 |
||
process-one ejabberd 1.1.0 |
||
process-one ejabberd 1.1.1 |
||
process-one ejabberd 1.1.14 |
||
process-one ejabberd 2.1.2 |
||
process-one ejabberd 2.1.1 |
||
process-one ejabberd 2.0.3 |
||
process-one ejabberd 0.9.1 |
||
process-one ejabberd 1.1.1.0 |
||
process-one ejabberd 2.0.0 |
||
process-one ejabberd 3.0.0 |
||
process-one ejabberd 2.1.0 |
||
process-one ejabberd 1.0.0 |
||
process-one ejabberd 0.9 |
||
process-one ejabberd 1.1.3 |
||
process-one ejabberd 2.1.5 |
||
process-one ejabberd |
||
process-one ejabberd 1.1.2 |
||
process-one ejabberd 0.9.8 |
||
process-one ejabberd 2.0.2 |
||
process-one ejabberd 2.0.1_2 |
||
process-one ejabberd 2.1.3 |
||
process-one ejabberd 2.1.4 |
||
process-one exmpp 0.9.1 |
||
process-one exmpp |
||
process-one exmpp 0.9.4 |
||
process-one exmpp 0.9.5 |
||
process-one exmpp 0.9.2 |
||
process-one exmpp 0.9.3 |