
CVE-2014-2744

Description

plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.


Affected Package


OS      OS Version  Package Name  Package Version
Debian  12          lua-expat     1.5.1-1
Debian  11          lua-expat     1.3.0-4
Debian  10          lua-expat     1.3.0-4
Debian  999         lua-expat     1.5.1-1
Debian  12          prosody       0.12.1-2
Debian  11          prosody       0.11.9-2+deb11u2
Debian  10          prosody       0.11.2-1+deb10u4
Debian  999         prosody       0.12.1-2
