PT-2026-36482 · Prosody · Prosody
Ley
·
Published
2026-05-01
·
Updated
2026-05-01
·
CVE-2026-43507
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Prosody versions prior to 0.12.6
Prosody versions 1.0.0 through 13.0.4
Description
A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections.
Recommendations
Update to version 0.12.6 or later.
Update to version 13.0.5 or later.
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Prosody