Fluid Attacks Database

Description

The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	pidgin	>=0 <2.10.0-1	2.10.0-1
debian 14	pidgin	>=0 <2.10.0-1	2.10.0-1
debian 11	pidgin	>=0 <2.10.0-1	2.10.0-1
debian 12	pidgin	>=0 <2.10.0-1	2.10.0-1

Aliases

1. CVE-2011-31842. NVD-2011-31843. OSV-DEBIAN-2011-31844. OSV-2011-31845. SECURITY-TRACKER-CVE-2011-3184

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.