CVE Vulnerabilities

CVE-2011-2532

Published: Jun 22, 2011 | Modified: Jun 28, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data.

Affected Software

Name Vendor Start Version End Version
Prosody Prosody 0.8.0 (including) 0.8.0 (including)
Prosody Ubuntu upstream *

References