CVE-2014-2743

Published: Apr 11, 2014Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.

Affected (1)

Products: Lightwitch: Metronome

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lightwitch Metronome	Up to 3.4

Related CWEs

References (8)

http://code.lightwitch.org/metronome/rev/49f47277a411

Source: security@debian.org

ExploitPatch

http://openwall.com/lists/oss-security/2014/04/07/7

Source: security@debian.org

http://openwall.com/lists/oss-security/2014/04/09/1

Source: security@debian.org

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

Source: security@debian.org

http://code.lightwitch.org/metronome/rev/49f47277a411

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://openwall.com/lists/oss-security/2014/04/07/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2014/04/09/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.