Vulnerability Details CVE-2014-2829
Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.9%
CVSS Severity
CVSS v2 Score 7.8
References
- http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
- https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c
- http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
- https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c
Products affected by CVE-2014-2829
-
cpe:2.3:a:erlang-solutions:mongooseim:1.2.1
-
cpe:2.3:a:erlang-solutions:mongooseim:1.2.2
-
cpe:2.3:a:erlang-solutions:mongooseim:1.3.0
-
cpe:2.3:a:erlang-solutions:mongooseim:1.3.1