Your submission was sent successfully! Close

CVE-2021-32921

Published: 13 May 2021

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
prosody
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needed

jammy Needed

precise Does not exist

trusty Does not exist

upstream
Released (0.11.9)
xenial Ignored
(out of standard support)