VYPR
Unrated severityNVD Advisory· Published Jun 22, 2011· Updated Jun 16, 2026

CVE-2011-2205

CVE-2011-2205

Description

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • Prosody/Prosody17 versions
    cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*range: <=0.8.0
    • cpe:2.3:a:prosody:prosody:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:prosody:prosody:0.8:*:*:*:*:*:*:*
    • (no CPE)range: <0.8.1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.