CVE-2011-3184
Published: 29 August 2011
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
Priority
Status
Package | Release | Status |
---|---|---|
pidgin Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1:2.6.6-1ubuntu4.4)
|
|
maverick |
Released
(1:2.7.3-1ubuntu3.3)
|
|
natty |
Released
(1:2.7.11-1ubuntu2.1)
|
|
oneiric |
Not vulnerable
(1:2.10.0-0ubuntu2)
|
|
upstream |
Released
(2.10.0-1)
|
|
Patches: other: http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1 |