NVD

Id
9868  
Name
CVE-2011-3184  
Description
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-07  
Published
2011-08-29  
Modified Date
2013-11-02  
Seq
2011-3184  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
56555 9868 CVE-2011-3184 http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c  View
56556 9868 CVE-2011-3184 http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1  View
56557 9868 CVE-2011-3184 FEDORA-2011-11544  View
56558 9868 CVE-2011-3184 FEDORA-2011-11595  View
56559 9868 CVE-2011-3184 oval:org.mitre.oval:def:18284  View
56560 9868 CVE-2011-3184 http://pidgin.im/news/security/?id=54  View
56561 9868 CVE-2011-3184 1025961  View
56562 9868 CVE-2011-3184 [oss-security] 20110822 Re: CVE request: Pidgin crash  View
56563 9868 CVE-2011-3184 [oss-security] 20110822 Re: CVE request: Pidgin crash  View
56564 9868 CVE-2011-3184 [oss-security] 20110822 Re: CVE request: Pidgin crash  View
56565 9868 CVE-2011-3184 [oss-security] 20110822 Re: CVE request: Pidgin crash  View
56566 9868 CVE-2011-3184 49268  View
56567 9868 CVE-2011-3184 pidgin-msn-protocol-dos(69341)  View
56568 9868 CVE-2011-3184 https://bugzilla.redhat.com/show_bug.cgi?id=732405  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
34628 JVNDB-2011-004870 Pidgin の msn_httpconn_parse_data 関数におけるサービス運用妨害 (DoS) の脆弱性 Pidgin の libpurple の MSN プロトコルプラグインの httpconn.c の msn_httpconn_parse_data 関数は、HTTP 100 レスポンスを適切に処理しないため、サービス運用妨害 (不正なメモリアクセスとアプリケーションクラッシュ) 状態となる脆弱性が存在します。 CVE-2011-3184 51091 CVE-2011-3184 9868 4.3 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004870.html 2011-08-20 2012-09-28 View