oss-security - Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20140405172618.GA4235@eldamar.local>
Date: Sat, 5 Apr 2014 19:26:18 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Possible CVE Request: Uncontrolled Resource Consumption with
 XMPP-Layer Compression

Hi,

>From [1] thee is an security notice from the XMPP Standards Foundation
affecting several XMPP server implementations:

> The XMPP Standards Foundation has published a security notice
> describing an uncontrolled resource consumption vulnerability in
> several XMPP server implementations that support application-layer
> compression. Details can be found at:
> 
> http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/
> 
> Peter

 [1] http://mail.jabber.org/pipermail/security/2014-April/000979.html

Is this something which should get one CVE, or is a CVE for each
implementation needed?

Regards,
Salvatore

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.