oss-sec mailing list archives

Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 5 Apr 2014 19:26:18 +0200

Hi,

From [1] thee is an security notice from the XMPP Standards Foundation

affecting several XMPP server implementations:

The XMPP Standards Foundation has published a security notice
describing an uncontrolled resource consumption vulnerability in
several XMPP server implementations that support application-layer
compression. Details can be found at:

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

Peter


 [1] http://mail.jabber.org/pipermail/security/2014-April/000979.html

Is this something which should get one CVE, or is a CVE for each
implementation needed?

Regards,
Salvatore

Current thread:

Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression Salvatore Bonaccorso (Apr 05)
- Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression cve-assign (Apr 07)
  - Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression cve-assign (Apr 08)