Denial of Service Vulnerability in MongooseIM by Erlang Solutions
CVE-2014-2829

Currently unrated

Key Information:

CVE Published: 11 April 2014

What is CVE-2014-2829?

MongooseIM versions up to 1.3.1 rev. 2 are susceptible to a denial of service attack due to inadequate restrictions when processing compressed XML elements. This vulnerability enables attackers to exploit the XMPP stream by sending specially crafted messages, leading to excessive resource consumption on the affected system, effectively rendering it unresponsive. The issue, also referred to as an 'xmppbomb' attack, demonstrates the critical need for robust input validation within XML processing to mitigate potential exploitation.
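The missing restriction described above can be shown as a cap on inflated output per connection. This is an added example, not MongooseIM's code or its fix: it assumes the stream is zlib-compressed, and the names `BoundedInflater`, `DecompressionLimitExceeded`, `demo` and the 64 KiB cap are hypothetical.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when inflating a chunk would pass the configured output cap."""


class BoundedInflater:
    """Streaming zlib inflater with a hard cap on total inflated bytes.

    Hypothetical helper: one instance per connection, cap chosen by the operator.
    """

    def __init__(self, max_output=64 * 1024):
        self._z = zlib.decompressobj()
        self._remaining = max_output

    def feed(self, chunk):
        # Ask zlib for at most one byte more than the budget. max_length is
        # always >= 1 here, so it is never read as "unlimited" (0).
        piece = self._z.decompress(chunk, self._remaining + 1)
        if len(piece) > self._remaining:
            # Budget exceeded: stop inflating; the caller should drop the connection.
            raise DecompressionLimitExceeded("inflated data exceeds cap")
        self._remaining -= len(piece)
        return piece


def demo():
    """Run constructed sample traffic through the bounded inflater."""
    comp = zlib.compressobj()
    # Constructed sample stanza, sync-flushed so it can be inflated immediately.
    normal = b"<message to='a@example.org'><body>hi</body></message>"
    wire_normal = comp.compress(normal) + comp.flush(zlib.Z_SYNC_FLUSH)
    # Constructed oversized element: 1 MiB of one repeated byte compresses to ~1 KiB.
    big = b"<message><body>" + b"A" * (1024 * 1024) + b"</body></message>"
    wire_big = comp.compress(big) + comp.flush(zlib.Z_SYNC_FLUSH)

    inflater = BoundedInflater(max_output=64 * 1024)
    first = inflater.feed(wire_normal)
    try:
        inflater.feed(wire_big)
        rejected = False
    except DecompressionLimitExceeded:
        rejected = True
    return first, len(wire_big), rejected


if __name__ == "__main__":
    print(demo())
```

The cap is enforced before the oversized data is materialised, so the receiver allocates at most the budget plus one byte regardless of how small the compressed input is.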

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.