Remote Denial-of-Service Vulnerability in Prosody XMPP Server
CVE-2021-32918

7.5HIGH

Key Information:

Vendor

Prosody

Status
Prosody
Vendor
CVE Published:
13 May 2021

What is CVE-2021-32918?

A remote unauthenticated denial-of-service vulnerability exists in the Prosody XMPP server due to default configurations that allow attackers to exploit memory exhaustion when running under Lua 5.2 or Lua 5.3. This flaw can lead to service disruption, impacting the availability of XMPP communications. Users are recommended to upgrade to version 0.11.9 or later to mitigate the risk of such attacks.

References

https://blog.prosody.im/prosody-0.11.9-released/
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/05/13/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/05/14/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.