Description
DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
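A pre-parse guard for this class of bug, as an added example (not DJabberd code): it computes how large a document would become after entity expansion without expanding anything, and rejects recursive or oversized entity chains. The function name, the `limit` value and the sample documents are assumptions; the regex scan is a simplification that covers only internal general entities with quoted values.

```python
import re

# Internal general entity declarations only: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

class EntityExpansionError(ValueError):
    """Raised when a document should be rejected before it reaches the parser."""

def expanded_size(xml_text, limit=10_000):
    """Return the character count after entity expansion, computed without
    expanding. `limit` is an assumed policy value, not one from DJabberd."""
    decls = {m.group(1): m.group(3) for m in ENTITY_DECL.finditer(xml_text)}
    sizes, in_progress = {}, set()

    def check(total):
        if total > limit:
            raise EntityExpansionError(f"expansion exceeds {limit} characters")
        return total

    def entity_size(name):
        if name in PREDEFINED:
            return 1
        if name not in decls:
            raise EntityExpansionError(f"undeclared entity &{name};")
        if name in in_progress:  # the entity reaches itself: recursion
            raise EntityExpansionError(f"recursive entity &{name};")
        if name not in sizes:  # memoised: each entity is measured once
            in_progress.add(name)
            sizes[name] = size_of(decls[name])
            in_progress.discard(name)
        return sizes[name]

    def size_of(text):
        total = check(len(ENTITY_REF.sub("", text)))  # literal characters
        for name in ENTITY_REF.findall(text):
            total = check(total + entity_size(name))
        return total

    return size_of(ENTITY_DECL.sub("", xml_text))  # body without declarations

# Constructed samples: three nesting levels (10 -> 100 -> 1000 characters)
# and a two-entity reference cycle.
SAMPLE_NESTED = ('<!DOCTYPE m [<!ENTITY a "0123456789">'
                 '<!ENTITY b "' + "&a;" * 10 + '">'
                 '<!ENTITY c "' + "&b;" * 10 + '">]><m>&c;</m>')
SAMPLE_RECURSIVE = '<!DOCTYPE m [<!ENTITY a "&b;"><!ENTITY b "&a;">]><m>&a;</m>'
```

Because sizes are memoised and the limit is checked as they accumulate, the cost of the check stays proportional to the input length, regardless of how large the expansion would be.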
Affected products
- brad_fitzpatrick / djabberd 0.84
- brad_fitzpatrick / djabberd 0.80 – 0.80
- brad_fitzpatrick / djabberd 0.81 – 0.81
- brad_fitzpatrick / djabberd 0.82 – 0.82
- brad_fitzpatrick / djabberd 0.83 – 0.83