CVE-2011-2531
Summary
| CVE | CVE-2011-2531 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-06-22 21:55:00 UTC |
| Updated | 2011-06-28 04:00:00 UTC |
| Description | Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data. |
Risk And Classification
Problem Types: CWE-399
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Prosody IM 0.8: revision c806a599224a: mod_storage_sql: Switch to MEDIUMTEXT for the 'value' column when using MySQL, as it imposes a 64K limit otherwise, potentially truncating data. Automatically upgrades existing tables. | CONFIRM | hg.prosody.im | Patch |
| Prosody IM 0.8: revision d2406f0ce8a5: migrator/prosody_sql.lua: Create (and upgrade) MySQL tables to use MEDIUMTEXT for the 'value' column to avoid truncation | CONFIRM | hg.prosody.im | Patch |
| Prosody 0.8.1 released - Prosodical Thoughts | CONFIRM | blog.prosody.im | Patch |
| 0.8.1 Release Notes - Prosody.im | CONFIRM | prosody.im | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.