Ubuntu.comUB:CVE-2021-32918CVE-2021-32918
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.01 Low
EPSS
Percentile
83.2%
An issue was discovered in Prosody before 0.11.9. Default settings are
susceptible to remote unauthenticated denial-of-service (DoS) attacks via
memory exhaustion when running under Lua 5.2 or Lua 5.3.
References
blog.prosody.im/prosody-0.11.9-released/
hg.prosody.im/trunk/rev/1937b3c3efb5
hg.prosody.im/trunk/rev/3413fea9e6db
hg.prosody.im/trunk/rev/63fd4c8465fb
hg.prosody.im/trunk/rev/929de6ade6b6
hg.prosody.im/trunk/rev/b0d8920ed5e5
hg.prosody.im/trunk/rev/db8e41eb6eff
launchpad.net/bugs/cve/CVE-2021-32918
nvd.nist.gov/vuln/detail/CVE-2021-32918
prosody.im/security/advisory_20210512.txt
security-tracker.debian.org/tracker/CVE-2021-32918
www.cve.org/CVERecord?id=CVE-2021-32918
www.openwall.com/lists/oss-security/2021/05/13/1
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.01 Low
EPSS
Percentile
83.2%