The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jabberstudio | jabberd | 1.4 |
| jabberstudio | jabberd | 1.4.3 |
| jabberstudio | jabberd | 1.4.1 |
| jabberstudio | jabberd | 1.4.2a |
| jabberstudio | jabberd | 1.4.2 |
| jabberstudio | jadc2s | 0.7 |
| jabberstudio | jadc2s | 0.8 |
| jabberstudio | jadc2s | 0.6 |
| jabberstudio | jadc2s | 0.9 |
Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service (infinite loop) via user re-registration.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jabberstudio | jabber_gadu-gadu_transport | 2.0.1 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.5 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.3 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.6 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.7 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.4 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.2 |
The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jabberstudio | jabber_gadu-gadu_transport | 2.0.1 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.5 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.3 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.6 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.7 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.4 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.2 |
Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service a message with an empty <priority/> tag.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jabberstudio | jabber_gadu-gadu_transport | 2.0.1 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.5 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.3 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.6 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.7 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.4 |
| jabberstudio | jabber_gadu-gadu_transport | 2.0.2 |
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jabberstudio | jabberd | 2.0_a6 |
| jabberstudio | jabberd | 2.0_s6 |
| jabberstudio | jabberd | 2.0_b1 |
| jabberstudio | jabberd | 2.0_a1 |
| jabberstudio | jabberd | 2.0_a5 |
| jabberstudio | jabberd | 2.0_s5 |
| jabberstudio | jabberd | * |
| jabberstudio | jabberd | 2.0_a3 |
| jabberstudio | jabberd | 2.0_s8 |
| jabberstudio | jabberd | 2.0_s9 |
| jabberstudio | jabberd | 2.0_b2 |
| jabberstudio | jabberd | 2.0_s1 |
| jabberstudio | jabberd | 2.0_s7 |
| jabberstudio | jabberd | 2.0_rc1 |
| jabberstudio | jabberd | 2.0_s2 |
| jabberstudio | jabberd | 2.0_rc2 |
| jabberstudio | jabberd | 2.0_a2 |
| jabberstudio | jabberd | 2.0_s4 |
| jabberstudio | jabberd | 2.0_a4 |
| jabberstudio | jabberd | 2.0_s3 |
| jabberstudio | jabberd | 2.0_b3 |