Denial of Service Vulnerability in Prosody by Prosody Software
CVE-2011-2532

Currently unrated

Key Information:

Vendor: Prosody
Status: Prosody
Vendor: CVE Published:; 22 June 2011

What is CVE-2011-2532?

The json.decode function in util/json.lua in Prosody versions prior to 0.8.1 is vulnerable to denial of service attacks. Malicious users can exploit this vulnerability by sending specially crafted invalid JSON data, which can result in an infinite loop and disrupt normal server operations. This issue highlights the importance of robust input validation in software applications to prevent service interruptions.

References

http://blog.prosody.im/prosody-0-8-1-released/

x_refsource_CONFIRM

http://hg.prosody.im/0.8/rev/20979f124ad9

x_refsource_CONFIRM

http://prosody.im/doc/release/0.8.1

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 22, 2011

CVE-2011-2532 Data

JSON