UBUNTU-CVE-2022-0217

Source
https://ubuntu.com/security/CVE-2022-0217
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0217.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-0217
Related
Published
2022-08-26T18:15:00Z
Modified
2024-10-15T14:09:31Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).

References

Affected packages

Ubuntu:Pro:16.04:LTS / prosody

Package

Name
prosody
Purl
pkg:deb/ubuntu/prosody?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.8-1
0.9.9-1
0.9.10-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / prosody

Package

Name
prosody
Purl
pkg:deb/ubuntu/prosody?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.12-2
0.10.0-1
0.10.0-1build1
0.10.0-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / prosody

Package

Name
prosody
Purl
pkg:deb/ubuntu/prosody?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.2-1
0.11.3-1
0.11.4-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / prosody

Package

Name
prosody
Purl
pkg:deb/ubuntu/prosody?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.10-1
0.11.10-1build1
0.11.10-1build2
0.11.11-1
0.11.11-2
0.11.12-1
0.11.13-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / prosody

Package

Name
prosody
Purl
pkg:deb/ubuntu/prosody?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.4-1build3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / prosody

Package

Name
prosody
Purl
pkg:deb/ubuntu/prosody?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.12.3-1
0.12.4-1
0.12.4-1build1
0.12.4-1build2
0.12.4-1build3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}