jadc2s up to and including version 0.9.0 includes a bug in the included expat parser, that allows a remote user to crash jadc2s by sending invalid XML code.
The bug has been reported on 2004-09-19 on the jabberd mailing list. CVS versions of jadc2s are not affected by this bug since 2004-09-07 as the code containing the bug had been removed from jadc2s at this date.
The patch on this page includes two other fixes:
2004-09-20, Matthias Wimmer