Moderate severityNVD Advisory· Published Feb 18, 2012· Updated Jun 16, 2026
CVE-2011-4320
CVE-2011-4320
Description
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ejabberdHex | < 2.1.9 | 2.1.9 |
ejabberdHex | >= 3.0.0-alpha-1, < 3.0.0-alpha-4 | 3.0.0-alpha-4 |
Affected products
3cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:process-one:ejabberd:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:process-one:ejabberd:3.0.0:alpha3:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- support.process-one.net/browse/EJAB-1498nvdPatchWEB
- secunia.com/advisories/46915nvdVendor Advisory
- github.com/advisories/GHSA-2h3q-v47h-f4rcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4320ghsaADVISORY
- www.openwall.com/lists/oss-security/2011/11/19/1nvdWEB
- www.openwall.com/lists/oss-security/2011/11/19/2nvdWEB
- www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9nvdWEB
- github.com/processone/ejabberd/commit/d3c4eab46f3cd54f7686cfed740d9c130b6801cfghsaWEB
- github.com/processone/ejabberd/commit/d5b4d6785879f0a5192c26f5b5e218aec8104798ghsaWEB
- www.osvdb.org/77302nvd
News mentions
0No linked articles in our index yet.