Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-32918

Published: 13/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Prosody

Vulnerability Summary

An issue exists in Prosody prior to 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

prosody prosody

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921
Debian Bug report logs - #988668 prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Package: src:prosody; Maintainer for src:prosody is Debian XMPP Maintainers <pkg-xmpp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 May 2021 17:12:0 ...
Debian Security Advisories: DSA-4916-1 prosody -- security update
Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure For the stable distribution (buster), these problems have been fixed in version 0112-1+deb10u1 We recommend that you upgrade your prosody packages For the detailed security status of prosody please ...
Arch Linux Issues:
A security issue was found in the Prosodyim XMPP server software before version 0119 It was discovered that default settings leave Prosody susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 52 or Lua 53 ...

Mailing Lists

Full Disclosure: Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

References

CWE-400https://blog.prosody.im/prosody-0.11.9-released/http://www.openwall.com/lists/oss-security/2021/05/13/1http://www.openwall.com/lists/oss-security/2021/05/14/2https://www.debian.org/security/2021/dsa-4916https://security.gentoo.org/glsa/202105-15https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4916
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute forceCVE-2024-24908open redirectCVE-2024-31497CVE-2023-45866CVE-2024-4135CVE-2024-25523cache poisoningCVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook