CVE-2011-4320

EUVD-2022-1988
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
process-oneejabberd
2.1.8
process-oneejabberd
3.0.0:alpha3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ejabberd
bookworm
23.01-1
fixed
bullseye
21.01-2
fixed
sid
24.07-2
fixed
squeeze
no-dsa
trixie
23.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ejabberd
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/46915
http://www.openwall.com/lists/oss-security/2011/11/19/1
http://www.openwall.com/lists/oss-security/2011/11/19/2
http://www.osvdb.org/77302
http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9
https://support.process-one.net/browse/EJAB-1498
http://secunia.com/advisories/46915
http://www.openwall.com/lists/oss-security/2011/11/19/1
http://www.openwall.com/lists/oss-security/2011/11/19/2
http://www.osvdb.org/77302
http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9
https://support.process-one.net/browse/EJAB-1498