Unrated severity · NVD Advisory · Published Jun 22, 2011 · Updated Apr 29, 2026
CVE-2011-2205
Description
Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Affected products
- cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:* (range: <=0.8.0)
- cpe:2.3:a:prosody:prosody:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:prosody:prosody:0.8:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- blog.prosody.im/prosody-0-8-1-released/ (nvd, Patch)
- hg.prosody.im/0.8/rev/5305a665bdd4 (nvd, Patch)
- hg.prosody.im/0.8/rev/ee6a18f10a8d (nvd, Patch)
- prosody.im/doc/release/0.8.1 (nvd, Patch)
- secunia.com/advisories/44852 (nvd, Vendor Advisory)
- www.openwall.com/lists/oss-security/2011/06/14/6 (nvd)
- www.openwall.com/lists/oss-security/2011/06/15/5 (nvd)
- www.securityfocus.com/bid/48125 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/67884 (nvd)