CVE-2014-2742

Published: Apr 11, 2014Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.

Affected (5)

Products: Isode: M Link

Isode

1 product

M Link

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Isode M Link	Version 14.6.14
Isode M Link	Version 14.6
Isode M Link	Version 15.1.10
Isode M Link	Version 15.1
Isode M Link	Version 16.0

Related CWEs

CWE-264

References (6)

http://openwall.com/lists/oss-security/2014/04/07/7

Source: security@debian.org

http://openwall.com/lists/oss-security/2014/04/09/1

Source: security@debian.org

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

Source: security@debian.org

http://openwall.com/lists/oss-security/2014/04/07/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2014/04/09/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.