CVE-2021-32918

Severity: High
Remote: Yes
Type: Denial of service
A security issue was found in the Prosody XMPP server software before version 0.11.9. Default settings leave Prosody susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
Group     Package  Affected    Fixed       Severity  Status  Ticket
AVG-1955  prosody  1:0.11.8-1  1:0.11.9-1  High      Fixed
Date         Advisory       Group     Package  Severity  Type
19 May 2021  ASA-202105-11  AVG-1955  prosody  High      multiple issues

The issue can be partly mitigated using stricter settings for stanza size limits, rate limits and garbage collection parameters; see the referenced advisory for more details.