Bug 25982 - CVE-2011-1753
Summary: CVE-2011-1753
Status: CLOSED FIXED
Alias: None
Product: Branch p6
Classification: Distributions
Component: ejabberd (show other bugs)
Version: не указана
Hardware: all Linux
: P3 normal
Assignee: Andrey Cherepanov
QA Contact: QA p6
URL: http://cve.mitre.org/cgi-bin/cvename....
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-03 19:26 MSK by Sergey V Turchin
Modified: 2011-08-29 19:02 MSK (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey V Turchin 2011-08-03 19:26:27 MSK 
expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a DOS (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564
Comment 1 AEN 2011-08-27 01:06:43 MSK 
2cas@: пересоберите из Сизифа, пожалуйста.
Comment 2 Sergey V Turchin 2011-08-29 19:02:13 MSK 
обновился