CVE Vulnerabilities

CVE-2011-4320

Published: Feb 18, 2012 | Modified: Feb 29, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
LOW

The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.

Affected Software

Name Vendor Start Version End Version
Ejabberd Process-one 2.1.8 (including) 2.1.8 (including)
Ejabberd Process-one 3.0.0-alpha3 (including) 3.0.0-alpha3 (including)
Ejabberd Ubuntu hardy *
Ejabberd Ubuntu lucid *
Ejabberd Ubuntu maverick *
Ejabberd Ubuntu natty *
Ejabberd Ubuntu oneiric *
Ejabberd Ubuntu upstream *

References