Information Disclosure Vulnerability in Prosody by Prosody.im
CVE-2014-2745

Currently unrated

Key Information:

Vendor: Prosody
Status: Prosody
Vendor: CVE Published:; 11 April 2014

What is CVE-2014-2745?

The vulnerability in Prosody, prior to version 0.9.4, involves improper restrictions during the processing of highly compressed XML elements. This flaw allows remote attackers to execute a denial-of-service attack through carefully crafted XMPP streams, which can lead to substantial resource consumption on the server. The issue is primarily linked to specific components such as core/portmanager.lua and util/xmppstream.lua, potentially resulting in service disruptions and performance degradation for users.

References

http://xmpp.org/resources/security-notices/uncontrolled-r...

x_refsource_MISC

http://hg.prosody.im/0.9/rev/a97591d2e1ad

x_refsource_CONFIRM

http://www.debian.org/security/2014/dsa-2895

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2014
Vulnerability Reserved
Apr 8, 2014

CVE-2014-2745 Data

JSON