Candidate: CVE-2021-41055
PublicDate: 2021-10-11 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41055
 https://dev.gajim.org/gajim/gajim/-/issues/10638
 https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
 https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3
Description:
 Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a
 denial of service (crash) via a crafted XMPP Last Message Correction
 (XEP-0308) message in multi-user chat, where the message ID equals the
 correction ID.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_python-nbxmpp:
upstream_python-nbxmpp: released (2.0.4-1)
trusty_python-nbxmpp: ignored (out of standard support)
xenial_python-nbxmpp: ignored (out of standard support)
bionic_python-nbxmpp: not-affected (code not present)
focal_python-nbxmpp: not-affected (code not present)
hirsute_python-nbxmpp: ignored (reached end-of-life)
impish_python-nbxmpp: not-affected (code not present)
jammy_python-nbxmpp: not-affected (code not present)
devel_python-nbxmpp: not-affected (code not present)