Launchpad.net

CVE 2011-1755

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Related bugs and status

CVE-2011-1755 (Candidate) is related to these bugs:

Bug #865158: Compilation error: 'SX_SSL_CONN_EXTERNAL_ID_MAX_COUNT' undeclared here

Summary				In	Importance	Status
	865158	Compilation error: 'SX_SSL_CONN_EXTERNAL_ID_MAX_COUNT' undeclared here		Jabberd	Medium	Fix Released
	865158	Compilation error: 'SX_SSL_CONN_EXTERNAL_ID_MAX_COUNT' undeclared here		Gentoo Linux	Medium	Fix Released

Bug #997264: jabberd2 broken

Summary				In	Importance	Status
	997264	jabberd2 broken		jabberd2 (Ubuntu)	Undecided	Fix Released

Bug #1044039: badly needs an update

Summary				In	Importance	Status
	1044039	badly needs an update		jabberd2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1755

Related bugs and status

Related bugs

References