#25982 – CVE-2011-1753

Bug 25982 - CVE-2011-1753

Summary:

CVE-2011-1753

Status:	CLOSED FIXED

Product:	Branch p6
Component:	(All bugs in Branch p6/ejabberd)
Version:	не указана
Platform:	all Linux

Importance:	P3 normal
Assigned To:	Andrey Cherepanov
QA Contact:	QA p6

URL:	http://cve.mitre.org/cgi-bin/cvename....
Keywords:

Depends on:
Blocks:
	Show dependency tree

Reported:	2011-08-03 19:26 by Sergey V Turchin
Modified:	2011-08-29 19:02 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Sergey V Turchin 2011-08-03 19:26:27

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp
before 0.9.7, does not properly detect recursion during entity expansion, which
allows remote attackers to cause a DOS (memory and CPU consumption) via a
crafted XML document containing a large number of nested entity references, a
similar issue to CVE-2003-1564

------- Comment #1 From AEN 2011-08-27 01:06:43 -------

2cas@: пересоберите из Сизифа, пожалуйста.

------- Comment #2 From Sergey V Turchin 2011-08-29 19:02:13 -------

обновился