oss-sec mailing list archives

Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217)

From: Kim Alvefur <zash () zash se>
Date: Thu, 20 Jan 2022 20:41:24 +0100

Hi,

The fix for this issue introduced a regression in the from of a memory
leak (of the unintentional reference variety, not a true leak).

A fix for can be found in this commit:
https://hg.prosody.im/trunk/rev/e5e0ab93d7f4

--
Regards,
Kim "Zash" Alvefur

Attachment: signature.asc
Description:

Current thread:

Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 13)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) Jonas Schäfer (Jan 13)
  - Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE-2022-0217) Kim Alvefur (Jan 20)
- Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) Jonas Schäfer (Jan 18)