CVE-2011-2531

EUVD-2011-2514
Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
prosodyprosody
0.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
prosody
bookworm
0.12.3-1
fixed
bullseye
0.11.9-2+deb11u2
fixed
bullseye (security)
0.11.9-2+deb11u2
fixed
sid
0.12.4-1
fixed
squeeze
no-dsa
trixie
0.12.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
prosody
hardy
dne
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://blog.prosody.im/prosody-0-8-1-released/
http://hg.prosody.im/0.8/rev/c806a599224a
http://hg.prosody.im/0.8/rev/d2406f0ce8a5
http://prosody.im/doc/release/0.8.1
http://blog.prosody.im/prosody-0-8-1-released/
http://hg.prosody.im/0.8/rev/c806a599224a
http://hg.prosody.im/0.8/rev/d2406f0ce8a5
http://prosody.im/doc/release/0.8.1