modules/xmpp/serv_xmpp.c in Citadel 7.86 and previous versions does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
citadel citadel |
||
citadel citadel 7.80 |
||
citadel citadel 7.81 |
||
citadel citadel 7.82 |
||
citadel citadel 7.84 |
||
citadel citadel 7.50 |
||
citadel citadel 7.60 |
||
citadel citadel 7.11 |