VYPR
Unrated severityNVD Advisory· Published Jun 21, 2011· Updated Jun 16, 2026

CVE-2011-1756

CVE-2011-1756

Description

modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected products

9
  • Citadel/Citadel9 versions
    cpe:2.3:a:citadel:citadel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:citadel:citadel:*:*:*:*:*:*:*:*range: <=7.86
    • cpe:2.3:a:citadel:citadel:7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:citadel:citadel:7.50:*:*:*:*:*:*:*
    • cpe:2.3:a:citadel:citadel:7.60:*:*:*:*:*:*:*
    • cpe:2.3:a:citadel:citadel:7.80:*:*:*:*:*:*:*
    • cpe:2.3:a:citadel:citadel:7.81:*:*:*:*:*:*:*
    • cpe:2.3:a:citadel:citadel:7.82:*:*:*:*:*:*:*
    • cpe:2.3:a:citadel:citadel:7.84:*:*:*:*:*:*:*
    • (no CPE)range: <=7.86

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.