CVE-2011-4320
Ejabberd DoS via malformed stanza
EPSS 1.2%
Description
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
How to fix CVE-2011-4320
To remediate CVE-2011-4320, upgrade the affected package to a fixed version below.
- Debian/ejabberd—upgrade to 2.1.9-1 or later
- Hex/ejabberd—upgrade to 2.1.9 or later
Is CVE-2011-4320 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.1.9-1
- from 0, < 2.1.9