CVE-2014-2745

Name of the Vulnerable Software and Affected Versions Prosody versions prior to 0.9.4

Description The issue allows remote attackers to cause a denial of service due to improper restriction of compressed XML elements processing. This can be achieved through a crafted XMPP stream, also known as an "xmppbomb" attack. The issue is related to the core/portmanager.lua and util/xmppstream.lua components.

Recommendations For versions prior to 0.9.4, update to version 0.9.4 or later to resolve the issue. As a temporary workaround, consider restricting the processing of compressed XML elements in XMPP streams to minimize the risk of exploitation.