Resource management error in Prosody - CVE-2011-2531

 


Published: June 23, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU44933
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-2531
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Prosody
Affected software: Prosody

Detailed vulnerability description

The vulnerability allows a remote, unauthenticated attacker to cause a denial of service.

Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.
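
The following is an added example, not code from Prosody or from this advisory: a check over column metadata shaped like MySQL's information_schema.COLUMNS that reports where an oversized write would be silently truncated instead of stored or rejected. The table names, the sample rows, the TEXT and MEDIUMTEXT types and the UTF-8 column character set are assumptions made for illustration; the advisory does not name the tables or the column type involved.

```python
"""Added example: flag MySQL columns where oversized writes are silently truncated."""

# sql_mode flags that turn an over-length value into an error instead of a warning.
STRICT_FLAGS = {"STRICT_TRANS_TABLES", "STRICT_ALL_TABLES"}

# Constructed rows shaped like information_schema.COLUMNS output.
# Table names are placeholders; the advisory does not name the affected tables.
SAMPLE_COLUMNS = [
    {"TABLE_NAME": "example_store", "COLUMN_NAME": "value",
     "DATA_TYPE": "text", "CHARACTER_OCTET_LENGTH": 65_535},
    {"TABLE_NAME": "example_store_wide", "COLUMN_NAME": "value",
     "DATA_TYPE": "mediumtext", "CHARACTER_OCTET_LENGTH": 16_777_215},
]


def is_strict(sql_mode: str) -> bool:
    """True if the @@sql_mode string enables strict handling of bad values."""
    flags = {f.strip().upper() for f in sql_mode.split(",") if f.strip()}
    return bool(flags & STRICT_FLAGS)


def write_outcome(column: dict, payload: str, sql_mode: str) -> str:
    """Predict the result of a single-row INSERT of payload into column."""
    # Assumption: the column stores UTF-8; the limit is in bytes, not characters.
    size = len(payload.encode("utf-8"))
    if size <= column["CHARACTER_OCTET_LENGTH"]:
        return "stored"
    return "rejected" if is_strict(sql_mode) else "truncated"


def audit(columns, largest_expected_bytes: int, sql_mode: str):
    """Return (table, column, type) for columns that would silently truncate."""
    if is_strict(sql_mode):
        return []  # oversized writes fail loudly instead of corrupting data
    return [(c["TABLE_NAME"], c["COLUMN_NAME"], c["DATA_TYPE"])
            for c in columns
            if c["CHARACTER_OCTET_LENGTH"] < largest_expected_bytes]


if __name__ == "__main__":
    payload = "é" * 40_000  # constructed: 40,000 characters, 80,000 UTF-8 bytes
    for col in SAMPLE_COLUMNS:
        print(col["TABLE_NAME"], write_outcome(col, payload, ""))
    print(audit(SAMPLE_COLUMNS, 1_000_000, "NO_ENGINE_SUBSTITUTION"))
```

On a live server the same fields come from information_schema.COLUMNS and the mode string from SELECT @@sql_mode.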


How to mitigate CVE-2011-2531

Install the update from the vendor's website.
