CVE-2011-3184

Public Date:
2011-08-20
Bugzilla:
732405: CVE-2011-3184 pidgin: Remote crash in MSN protocol plugin

The MITRE CVE dictionary describes this issue as:

The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.

Find out more about CVE-2011-3184 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat does not consider this to be a security flaw. As a malicious MSN server is needed, there are far worlse implications to a user connecting to an untrusted server than a DoS.

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 pidgin Not affected
Red Hat Enterprise Linux 5 pidgin Not affected
Red Hat Enterprise Linux 4 pidgin Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.