CVE-2015-2058

jabberd2 < 2.3.2 - Authenticated Exposure of Sensitive Information via JID Processing

Title source: llm
STIX 2.1

Description

c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.

References (4)

Core 4
Core References
Issue Tracking x_refsource_confirm
https://github.com/jabberd2/jabberd2/issues/85
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/09/13
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/23/25
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72731

Scores

EPSS 0.0191
EPSS Percentile 77.3%

Details

CWE
CWE-200
Status published
Products (1)
jabberd2/jabberd2 < 2.3.2
Published Aug 12, 2015
Tracked Since Feb 18, 2026