{"id":"CVE-2014-2745","details":"Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack, related to core/portmanager.lua and util/xmppstream.lua.","modified":"2026-04-10T03:43:43.235519Z","published":"2014-04-11T01:55:06Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/57710"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-2895"},{"type":"ARTICLE","url":"http://blog.prosody.im/prosody-0-9-4-released/"},{"type":"WEB","url":"http://hg.prosody.im/0.9/rev/1107d66d2ab2"},{"type":"WEB","url":"http://hg.prosody.im/0.9/rev/a97591d2e1ad"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/04/07/7"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/04/09/1"},{"type":"WEB","url":"http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/"}],"schema_version":"1.7.5"}