CVE-2011-3184
First published: Mon Aug 22 2011(Updated: )
A flaw was found in the handling of HTTP 100 responses in the MSN protocol plugin. It can cause the application to attempt to access memory that it does not have access to. This only affects users who have turned on the HTTP connection method for their accounts (it's off by default). This might only be triggerable by a malicious server and not a malicious peer. Remote code execution is not possible. Reference: <a href="http://pidgin.im/news/security/?id=54">http://pidgin.im/news/security/?id=54</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pidgin | <=2.9.0 | |
| Pidgin | =2.0.0 | |
| Pidgin | =2.0.1 | |
| Pidgin | =2.0.2 | |
| Pidgin | =2.1.0 | |
| Pidgin | =2.1.1 | |
| Pidgin | =2.2.0 | |
| Pidgin | =2.2.1 | |
| Pidgin | =2.2.2 | |
| Pidgin | =2.3.0 | |
| Pidgin | =2.3.1 | |
| Pidgin | =2.4.0 | |
| Pidgin | =2.4.1 | |
| Pidgin | =2.4.2 | |
| Pidgin | =2.4.3 | |
| Pidgin | =2.5.0 | |
| Pidgin | =2.5.1 | |
| Pidgin | =2.5.2 | |
| Pidgin | =2.5.3 | |
| Pidgin | =2.5.4 | |
| Pidgin | =2.5.5 | |
| Pidgin | =2.5.6 | |
| Pidgin | =2.5.7 | |
| Pidgin | =2.5.8 | |
| Pidgin | =2.5.9 | |
| Pidgin | =2.6.0 | |
| Pidgin | =2.6.1 | |
| Pidgin | =2.6.2 | |
| Pidgin | =2.6.4 | |
| Pidgin | =2.6.5 | |
| Pidgin | =2.6.6 | |
| Pidgin | =2.7.0 | |
| Pidgin | =2.7.1 | |
| Pidgin | =2.7.2 | |
| Pidgin | =2.7.3 | |
| Pidgin | =2.7.4 | |
| Pidgin | =2.7.5 | |
| Pidgin | =2.7.6 | |
| Pidgin | =2.7.7 | |
| Pidgin | =2.7.8 | |
| Pidgin | =2.7.9 | |
| Pidgin | =2.7.10 | |
| Pidgin | =2.7.11 | |
| Pidgin | =2.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c
- https://bugzilla.redhat.com/show_bug.cgi?id=732405
- http://www.openwall.com/lists/oss-security/2011/08/22/4
- http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1
- http://pidgin.im/news/security/?id=54
- http://www.openwall.com/lists/oss-security/2011/08/22/7
- http://www.securityfocus.com/bid/49268
- http://www.openwall.com/lists/oss-security/2011/08/22/12
- http://www.openwall.com/lists/oss-security/2011/08/22/10
- http://secunia.com/advisories/45663
- http://securitytracker.com/id?1025961
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html
- http://secunia.com/advisories/45916
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284
Frequently Asked Questions
What is the severity of CVE-2011-3184?
CVE-2011-3184 has a medium severity level due to its potential to allow unauthorized memory access.
How do I fix CVE-2011-3184?
To fix CVE-2011-3184, update Pidgin to a version later than 2.8.0 where the vulnerability is patched.
Which software versions are affected by CVE-2011-3184?
CVE-2011-3184 affects Pidgin versions from 2.0.0 to 2.8.0.
What type of vulnerability is CVE-2011-3184?
CVE-2011-3184 is a memory access vulnerability resulting from improper handling of HTTP 100 responses.
Who is at risk for CVE-2011-3184?
Users of Pidgin who have enabled the HTTP connection method are at risk for CVE-2011-3184.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-3184
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/pidgin
- canonical/pidgin
- version/pidgin/2.9.0
- version/pidgin/2.0.0
- version/pidgin/2.0.1
- version/pidgin/2.0.2
- version/pidgin/2.1.0
- version/pidgin/2.1.1
- version/pidgin/2.2.0
- version/pidgin/2.2.1
- version/pidgin/2.2.2
- version/pidgin/2.3.0
- version/pidgin/2.3.1
- version/pidgin/2.4.0
- version/pidgin/2.4.1
- version/pidgin/2.4.2
- version/pidgin/2.4.3
- version/pidgin/2.5.0
- version/pidgin/2.5.1
- version/pidgin/2.5.2
- version/pidgin/2.5.3
- version/pidgin/2.5.4
- version/pidgin/2.5.5
- version/pidgin/2.5.6
- version/pidgin/2.5.7
- version/pidgin/2.5.8
- version/pidgin/2.5.9
- version/pidgin/2.6.0
- version/pidgin/2.6.1
- version/pidgin/2.6.2
- version/pidgin/2.6.4
- version/pidgin/2.6.5
- version/pidgin/2.6.6
- version/pidgin/2.7.0
- version/pidgin/2.7.1
- version/pidgin/2.7.2
- version/pidgin/2.7.3
- version/pidgin/2.7.4
- version/pidgin/2.7.5
- version/pidgin/2.7.6
- version/pidgin/2.7.7
- version/pidgin/2.7.8
- version/pidgin/2.7.9
- version/pidgin/2.7.10
- version/pidgin/2.7.11
- version/pidgin/2.8.0