CVE-2014-2829

EUVD-2022-2659
Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
erlang-solutionsmongooseim
𝑥
≤ 1.3.1
erlang-solutionsmongooseim
1.2.1
erlang-solutionsmongooseim
1.2.2
erlang-solutionsmongooseim
1.3.0
erlang-solutionsmongooseim
1.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c
http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c