Buffer overflow in Cisco Jabber_extensible_communications_platform

CVE-2012-3935

Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu3283…

Vulnerability class: Buffer Overflow

EPSS: 0.008 (74.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Jabber_extensible_communications_platform
Cisco Unified_presence — versions 1.0, 6.0, 6.0\(1\)
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cisco-presence-jabber-dos(78457) (vdb-entry, x_refsource_XF)
20120912 Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory)
1027520 (vdb-entry, x_refsource_SECTRACK)
85421 (x_refsource_OSVDB, vdb-entry)
50562 (x_refsource_SECUNIA, third-party-advisory)