Prosody prior to 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prosody prosody 0.8.2 |
||
prosody prosody 0.8.0 |
||
prosody prosody 0.1.0 |
||
prosody prosody 0.3.0 |
||
prosody prosody 0.9.2 |
||
prosody prosody 0.6.2 |
||
prosody prosody 0.6.0 |
||
prosody prosody 0.4.1 |
||
prosody prosody 0.5.0 |
||
prosody prosody 0.5.1 |
||
prosody prosody 0.4.2 |
||
prosody prosody 0.5.2 |
||
prosody prosody 0.6.1 |
||
prosody prosody |
||
prosody prosody 0.9.1 |
||
prosody prosody 0.4.0 |
||
prosody prosody 0.2.0 |
||
prosody prosody 0.7.0 |
||
prosody prosody 0.8.1 |
||
prosody prosody 0.9.0 |