Bug 25982 - CVE-2011-1753
: CVE-2011-1753
Status: CLOSED FIXED
: Branch p6
(All bugs in Branch p6/ejabberd)
: unspecified
: all Linux
: P3 normal
Assigned To:
: http://cve.mitre.org/cgi-bin/cvename....
Reported: 2011-08-03 19:26 by
Modified: 2011-08-29 19:02 (History)


Description From 2011-08-03 19:26:27
expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp
before 0.9.7, does not properly detect recursion during entity expansion, which
allows remote attackers to cause a DOS (memory and CPU consumption) via a
crafted XML document containing a large number of nested entity references, a
similar issue to CVE-2003-1564.
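
One defensive check against the class of issue described above, as an added example that is not part of this bug report and is not ejabberd or exmpp code: using Python's standard-library expat binding, the parser refuses any document that declares its own entities, so nested references are never expanded. The sample documents and the names `parse_stanza`, `classify` and `EntityDeclarationRejected` are constructed for illustration.

```python
import xml.parsers.expat as expat

class EntityDeclarationRejected(Exception):
    """Raised when a document tries to declare its own entity."""

# Constructed sample: three entities, each defined in terms of the previous one.
NESTED = b"""<?xml version="1.0"?>
<!DOCTYPE stream [
  <!ENTITY a "xxxxxxxxxx">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
]>
<stream><body>&c;</body></stream>"""

# Constructed sample: only a predefined entity, no DTD.
BENIGN = b"<stream><body>hello &amp; goodbye</body></stream>"

def parse_stanza(data: bytes) -> list:
    """Return element names in document order; refuse declared entities."""
    names = []
    parser = expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Abort at the declaration, before any reference to it is expanded.
        raise EntityDeclarationRejected(name)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names

def classify(data: bytes) -> tuple:
    """Map a document to ('ok', names), ('rejected', entity) or ('malformed', msg)."""
    try:
        return ("ok", parse_stanza(data))
    except EntityDeclarationRejected as exc:
        return ("rejected", str(exc))
    except expat.ExpatError as exc:
        return ("malformed", str(exc))

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("nested", NESTED)):
        print(label, classify(doc))
```
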
------- Comment #1 From 2011-08-27 01:06:43 -------
2cas@: please rebuild from Sisyphus.
------- Comment #2 From 2011-08-29 19:02:13 -------
Updated.