Back to search
CVE-2017-18265
Published: May 9, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-4198
vendor-advisory
x_refsource_DEBIAN
https://hg.prosody.im/0.9/rev/176b7f4e4ac9
x_refsource_MISC
https://hg.prosody.im/0.9/rev/adfffc5b4e2a
x_refsource_MISC
https://prosody.im/issues/issue/987
x_refsource_MISC
https://bugs.debian.org/875829
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now