CVE-2011-3184

Publication date 29 August 2011

Last updated 24 July 2024

Description

The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pidgin	11.10 oneiric	Not affected
	11.04 natty	Fixed 1:2.7.11-1ubuntu2.1
	10.10 maverick	Fixed 1:2.7.3-1ubuntu3.3
	10.04 LTS lucid	Fixed 1:2.6.6-1ubuntu4.4
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pidgin	Other: http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1273-1
Pidgin vulnerabilities
21 November 2011

Other references

http://www.openwall.com/lists/oss-security/2011/08/22/12
http://pidgin.im/news/security/?id=54
https://www.cve.org/CVERecord?id=CVE-2011-3184