Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-0217

Published: 26/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Prosody

Vulnerability Summary

It exists that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

prosody prosody

Vendor Advisories

Debian CVElist Bug Report Logs: prosody: CVE-2022-0217: Unauthenticated Remote Denial of Service Attack in the WebSocket interface
Debian Bug report logs - #1003696 prosody: CVE-2022-0217: Unauthenticated Remote Denial of Service Attack in the WebSocket interface Package: src:prosody; Maintainer for src:prosody is Debian XMPP Maintainers <pkg-xmpp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 13 ...
Debian Security Advisories: DSA-5047-1 prosody -- security update
Matthew Wild discovered that the WebSockets code in Prosody, a lightweight Jabber/XMPP server, was susceptible to denial of service For the oldstable distribution (buster), this problem has been fixed in version 0112-1+deb10u3 For the stable distribution (bullseye), this problem has been fixed in version 0119-2+deb11u1 We recommend that you ...

Mailing Lists

Full Disclosure: Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) <!--X-Subject-Header-End- ...
Full Disclosure: Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) <!--X-Subject-Header-En ...
Full Disclosure: Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) <!--X-Subject-Header-En ...

References

CWE-611CWE-776https://prosody.im/security/advisory_20220113/https://bugzilla.redhat.com/show_bug.cgi?id=2040639https://prosody.im/security/advisory_20220113/1.patchhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003696https://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5047
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook