Vulnerability Description
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jabberd2 | Jabberd2 | <= 2.3.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/02/09/13
- http://www.openwall.com/lists/oss-security/2015/02/23/25
- http://www.securityfocus.com/bid/72731
- https://github.com/jabberd2/jabberd2/issues/85
- http://www.openwall.com/lists/oss-security/2015/02/09/13
- http://www.openwall.com/lists/oss-security/2015/02/23/25
- http://www.securityfocus.com/bid/72731
- https://github.com/jabberd2/jabberd2/issues/85
FAQ
What is CVE-2015-2058?
CVE-2015-2058 is a vulnerability with a CVSS score of 6.5 (MEDIUM). c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other un...
How severe is CVE-2015-2058?
CVE-2015-2058 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2058?
Check the references section above for vendor advisories and patch information. Affected products include: Jabberd2 Jabberd2.