oss-sec mailing list archives
Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request)
From: Jonas Schäfer <jonas () wielicki name>
Date: Tue, 18 Jan 2022 17:05:50 +0100
On Thursday, 13 January 2022 15:01:11 CET Jonas Schäfer wrote:
> A remote unauthenticated denial of service / resource exhaustion attack was discovered in all Prosody servers with WebSockets enabled and publicly accessible. Upstream builds have been started and should be available shortly. The closely related Snikket project will publish new images shortly, too. Jitsi Meet have been informed ahead of time. Please see the below advisory for full information.
As promised, attached you'll find instructions for probing for the vulnerability.

kind regards,
Jonas
Attachment: instructions.md
Attachment: signature.asc (Description: This is a digitally signed message part.)
Current thread:
- Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 18)