CVE-2011-2531Prosody vulnerability

CWE-3994 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.8%
top 26.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ProsodyDebian Prosody
Timeline
PublishedJun 22
Latest updateMay 17

Description

Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/prosody< prosody 0.8.1-1 (bookworm)
Debianprosody/prosody< 0.8.1-1+3
NVDprosody/prosody0.8.0

Patches

Patch: blog.prosody.imPatch: hg.prosody.imPatch: hg.prosody.im

🔴Vulnerability Details

2
GHSA
GHSA-68xv-w725-c7q5: Prosody 02022-05-17
OSV
CVE-2011-2531: Prosody 02011-06-22

📋Vendor Advisories

1
Debian
CVE-2011-2531: prosody - Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type t...2011
CVE-2011-2531 — Debian Prosody vulnerability | cvebase