jabberd2 before 2.2.14 does not properly detect recursion...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Feb 11, 2024
Description
Published by the National Vulnerability Database
Jun 21, 2011
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Feb 11, 2024
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References