It was discovered that default settings leave Prosody susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. Lua 5.2 is the default and recommended Lua version for the Prosody 0.11.x series. The default configuration is susceptible to this issue. Configurations with stricter settings for stanza size limits, rate limits and garbage collection parameters are at decreased risk from this attack. For more details, please review the ‘Mitigation’ section for recommended values. Reference: https://prosody.im/security/advisory_20210512/
Created prosody tracking bugs for this issue: Affects: fedora-all [bug 1960336]
Well, this also affects at least EPEL 8.
Created prosody tracking bugs for this issue: Affects: epel-all [bug 1960354]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.