PT-2011-3919 · Prosody · Prosody

Published: 2011-06-22 · Updated: 2011-06-28 · CVE-2011-2532

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Prosody versions 0.8.0 through 0.8.1

Description

The issue is related to the json.decode function in util/json.lua, which might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data. This can be demonstrated by sending truncated data.

Recommendations

For versions 0.8.0 through 0.8.1, update to version 0.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the json.decode function in util/json.lua to minimize the risk of exploitation.

Related Identifiers

CVE-2011-2532

Affected Products

Prosody