oss-sec mailing list archives
Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 5 Apr 2014 19:26:18 +0200
Hi,
From [1] thee is an security notice from the XMPP Standards Foundation
affecting several XMPP server implementations:
The XMPP Standards Foundation has published a security notice describing an uncontrolled resource consumption vulnerability in several XMPP server implementations that support application-layer compression. Details can be found at: http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/ Peter
[1] http://mail.jabber.org/pipermail/security/2014-April/000979.html Is this something which should get one CVE, or is a CVE for each implementation needed? Regards, Salvatore
Current thread:
- Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression Salvatore Bonaccorso (Apr 05)