CVE-2011-2205

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
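| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |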
EPSS Score percentile: 80%
| Vendor | Product | Version |
|---|---|---|
| prosody | prosody | 𝑥 ≤ 0.8.0 |
| prosody | prosody | 0.1.0 |
| prosody | prosody | 0.2.0 |
| prosody | prosody | 0.3.0 |
| prosody | prosody | 0.4.0 |
| prosody | prosody | 0.4.1 |
| prosody | prosody | 0.4.2 |
| prosody | prosody | 0.5.0 |
| prosody | prosody | 0.5.1 |
| prosody | prosody | 0.5.2 |
| prosody | prosody | 0.6 |
| prosody | prosody | 0.6.0 |
| prosody | prosody | 0.6.1 |
| prosody | prosody | 0.7 |
| prosody | prosody | 0.7.0 |
| prosody | prosody | 0.8 |

𝑥 = Vulnerable software versions
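Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| prosody | bullseye (security) | 0.11.9-2+deb11u2 | fixed |
| prosody | bullseye | 0.11.9-2+deb11u2 | fixed |
| prosody | squeeze | | no-dsa |
| prosody | lenny | | no-dsa |
| prosody | bookworm | 0.12.3-1 | fixed |
| prosody | trixie | 0.12.4-1 | fixed |
| prosody | sid | 0.12.4-2 | fixed |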
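Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| prosody | saucy | not-affected |
| prosody | raring | not-affected |
| prosody | quantal | not-affected |
| prosody | precise | not-affected |
| prosody | oneiric | not-affected |
| prosody | natty | not-affected |
| prosody | maverick | ignored |
| prosody | lucid | ignored |
| prosody | hardy | dne |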
Common Weakness Enumeration