Openfire / OF-770

CVE-2014-2741 Uncontrolled Resource Consumption with XMPP-Layer Compression

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.9.1
    • Fix Version/s: 3.9.2
    • Component/s: Core
    • Labels: None

      Description

      http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2741

      Several XMPP server implementations that support application-layer compression (XEP-0138) suffer from an uncontrolled resource consumption vulnerability (CWE-400). This vulnerability can be remotely exploited by attackers to mount Denial-of-Service attacks by sending highly-compressed XML elements over XMPP streams.

      The vulnerability was reported by Giancarlo Pellegrino. This report was written by Giancarlo Pellegrino with assistance from Peter Saint-Andre.
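
The standard defence against this class of bug is to cap how much output a compressed read may inflate to, shown here with Python's `zlib`. This is an added example, not Openfire's fix or code from the report; `BoundedInflater`, `StanzaTooLarge`, the 64 KiB limit and the sample stanzas are assumptions constructed for illustration.

```python
import zlib

# Assumed cap on bytes inflated from one network read; not an Openfire setting.
MAX_INFLATED_PER_READ = 64 * 1024


class StanzaTooLarge(Exception):
    """Inflated output exceeded the cap; the caller should close the stream."""


class BoundedInflater:
    """One zlib stream per direction, as in XEP-0138, with capped output."""

    def __init__(self, max_out=MAX_INFLATED_PER_READ):
        self._z = zlib.decompressobj()
        self._max_out = max_out

    def feed(self, chunk):
        # max_length makes zlib stop after max_out + 1 bytes, so an oversized
        # expansion is detected without ever allocating the full output.
        out = self._z.decompress(chunk, self._max_out + 1)
        if len(out) > self._max_out:
            raise StanzaTooLarge(
                f"{len(chunk)} compressed bytes inflate past {self._max_out}")
        # Fewer than max_length bytes returned means all input was consumed.
        return out


def build_constructed_stream():
    """Constructed sample: an ordinary stanza, then a highly compressible one."""
    c = zlib.compressobj()
    small = b"<message to='a@example.org'><body>hi</body></message>"
    big = b"<message><body>" + b" " * (4 * 1024 * 1024) + b"</body></message>"
    wire_small = c.compress(small) + c.flush(zlib.Z_SYNC_FLUSH)
    wire_big = c.compress(big) + c.flush(zlib.Z_SYNC_FLUSH)
    return small, wire_small, wire_big


if __name__ == "__main__":
    small, wire_small, wire_big = build_constructed_stream()
    inflater = BoundedInflater()
    print(inflater.feed(wire_small))
    try:
        inflater.feed(wire_big)
    except StanzaTooLarge as exc:
        print("stream rejected:", exc)
```

The cap bounds memory per read only; a stanza size limit in the XML parser is still needed so that many small reads cannot accumulate into one oversized element.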

            People

            • Assignee: Guus der Kinderen (guus)
            • Reporter: Daryl Herzmann (akrherz)