GitHub Advisory Database: GHSA-5V5W-44W6-Q5HV
History: May 17, 2022 - 4:47 a.m.

Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream

Source: GitHub Advisory Database (github.com), 2022-05-17 04:47:27
CVSS2: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.005
Percentile: 77.0%

Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an “xmppbomb” attack.

Affected configurations

Node: mongooseim
Range: 1.3.1

Vendor: *
Product: mongooseim
Version: *
CPE: cpe:2.3:a:*:mongooseim:*:*:*:*:*:*:*:*
