CVE-2015-2058
jabberd2 < 2.3.2 - Authenticated Exposure of Sensitive Information via JID Processing
Title source: llmDescription
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://github.com/jabberd2/jabberd2/issues/85
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/09/13
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/23/25
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72731
Scores
EPSS
0.0191
EPSS Percentile
77.3%
Details
CWE
CWE-200
Status
published
Products (1)
jabberd2/jabberd2
< 2.3.2
Published
Aug 12, 2015
Tracked Since
Feb 18, 2026