CVE-2015-2058

Published: Aug 12, 2015Modified: May 6, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.

Affected (1)

Products: Jabberd2: Jabberd2

Jabberd2

1 product

Jabberd2

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jabberd2 Jabberd2	Up to 2.3.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.openwall.com/lists/oss-security/2015/02/09/13

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/02/23/25

Source: cve@mitre.org

http://www.securityfocus.com/bid/72731

Source: cve@mitre.org

https://github.com/jabberd2/jabberd2/issues/85

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/02/09/13

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/02/23/25

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72731

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/jabberd2/jabberd2/issues/85

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.