FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 12:04:33 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
a04a3c13-4932-11df-83fb-0015587e2cc1    ejabberd -- queue overload denial of service vulnerability

The Red Hat security response team reports:

A remotely exploitable DoS from XMPP client to ejabberd server via too many "client2server" messages (causing the message queue on the server to get overloaded, leading to server crash) has been found.


Discovery 2010-01-29
Entry 2010-04-19
ejabberd < 2.1.3

38003
CVE-2010-0305
http://secunia.com/advisories/38337
http://support.process-one.net/browse/EJAB-1173
http://www.openwall.com/lists/oss-security/2010/01/29/1
http://xforce.iss.net/xforce/xfdb/56025
01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6    ejabberd -- remote denial of service vulnerability

It's reported in the CVE advisory that:

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.


Discovery 2011-04-27
Entry 2011-06-24
ejabberd < 2.1.7

CVE-2011-1753
http://www.ejabberd.im/ejabberd-2.1.7