6 matches found
CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...
Design/Logic Flaw
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...
CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...
CVE-2011-2532
Prosody 0.8.x before 0.8.1 is affected by a denial-of-service issue in json.decode (util/json.lua) triggered by invalid JSON data, e.g., truncated input. The vulnerability allows remote attackers to cause an infinite loop. Remediation is upgrading to Prosody 0.8.1 (as per the 0.8.1 release notes)...
CVE-2011-2531
Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service data truncation by sending a large amount of data...
CVE-2011-2531
Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service data truncation by sending a large amount of data...