Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2021-32920

Published: 13/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Prosody

Vulnerability Summary

Prosody prior to 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

prosody prosody

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921
Debian Bug report logs - #988668 prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Package: src:prosody; Maintainer for src:prosody is Debian XMPP Maintainers <pkg-xmpp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 May 2021 17:12:0 ...
Debian Security Advisories: DSA-4916-1 prosody -- security update
Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure For the stable distribution (buster), these problems have been fixed in version 0112-1+deb10u1 We recommend that you upgrade your prosody packages For the detailed security status of prosody please ...
Arch Linux Issues:
A security issue was found in the Prosodyim XMPP server software before version 0119 It was discovered that Prosody does not disable SSL/TLS renegotiation, even though this is not used in XMPP A malicious client may flood a connection with renegotiation requests to consume excessive CPU resources on the server ...

Mailing Lists

Full Disclosure: Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

References

NVD-CWE-Otherhttps://blog.prosody.im/prosody-0.11.9-released/http://www.openwall.com/lists/oss-security/2021/05/13/1http://www.openwall.com/lists/oss-security/2021/05/14/2https://www.debian.org/security/2021/dsa-4916https://security.gentoo.org/glsa/202105-15https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4916
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook