{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2011-06-22T21:55:01Z",
  "id": "CVE-2011-2205",
  "details": "Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/44852"
    },
    {
      "type": "FIX",
      "url": "http://blog.prosody.im/prosody-0-8-1-released/"
    },
    {
      "type": "FIX",
      "url": "http://hg.prosody.im/0.8/rev/5305a665bdd4"
    },
    {
      "type": "FIX",
      "url": "http://hg.prosody.im/0.8/rev/ee6a18f10a8d"
    },
    {
      "type": "FIX",
      "url": "http://prosody.im/doc/release/0.8.1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/14/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/15/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48125"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67884"
    }
  ]
}