prosody is vulnerable to denial of service. A remote unauthenticated attacker is able to crash the application via memory exhaustion when running under Lua 5.2 or Lua 5.3 on default settings.
www.openwall.com/lists/oss-security/2021/05/13/1
www.openwall.com/lists/oss-security/2021/05/14/2
blog.prosody.im/prosody-0.11.9-released/
lists.fedoraproject.org/archives/list/[email protected]/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/
lists.fedoraproject.org/archives/list/[email protected]/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/
lists.fedoraproject.org/archives/list/[email protected]/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml
security.gentoo.org/glsa/202105-15
www.debian.org/security/2021/dsa-4916