CVE-2014-2745

NONE EPSS 86.3%
Published Apr 11, 2014 (12y ago) · Modified Jun 17, 2026 (2w ago)

Description

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.

Threat Intelligence

EPSS Exploit Probability
86.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-264

Affected Products 20

Vendor    Product   Version   Range
prosody   prosody   *         ≤0.9.3
prosody   prosody   0.1.0     any
prosody   prosody   0.2.0     any
prosody   prosody   0.3.0     any
prosody   prosody   0.4.0     any
prosody   prosody   0.4.1     any
prosody   prosody   0.4.2     any
prosody   prosody   0.5.0     any
prosody   prosody   0.5.1     any
prosody   prosody   0.5.2     any
prosody   prosody   0.6.0     any
prosody   prosody   0.6.1     any
prosody   prosody   0.6.2     any
prosody   prosody   0.7.0     any
prosody   prosody   0.8.0     any
prosody   prosody   0.8.1     any
prosody   prosody   0.8.2     any
prosody   prosody   0.9.0     any
prosody   prosody   0.9.1     any
prosody   prosody   0.9.2     any

References 8

  • blog.prosody.im http://blog.prosody.im/prosody-0-9-4-released/
  • hg.prosody.im http://hg.prosody.im/0.9/rev/1107d66d2ab2
  • hg.prosody.im http://hg.prosody.im/0.9/rev/a97591d2e1ad
  • openwall.com http://openwall.com/lists/oss-security/2014/04/07/7
  • openwall.com http://openwall.com/lists/oss-security/2014/04/09/1
  • secunia.com http://secunia.com/advisories/57710
  • debian.org http://www.debian.org/security/2014/dsa-2895
  • xmpp.org http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.