Executive Summary

Informations
Name CVE-2011-3184 First vendor Publication 2011-08-29
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3184

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18284
 
Oval ID: oval:org.mitre.oval:def:18284
Title: The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message
Description: The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3184
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Pidgin
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 58

OpenVAS Exploits

Date Description
2011-11-25 Name : Ubuntu Update for pidgin USN-1273-1
File : nvt/gb_ubuntu_USN_1273_1.nasl
2011-09-12 Name : Fedora Update for pidgin FEDORA-2011-11595
File : nvt/gb_fedora_2011_11595_pidgin_fc14.nasl
2011-09-12 Name : Mandriva Update for pidgin MDVSA-2011:132 (pidgin)
File : nvt/gb_mandriva_MDVSA_2011_132.nasl
2011-09-09 Name : Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities (Win)
File : nvt/gb_pidgin_libpurple_protocol_plugins_dos_vuln_win.nasl
2011-09-07 Name : Fedora Update for pidgin FEDORA-2011-11544
File : nvt/gb_fedora_2011_11544_pidgin_fc15.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74826 Pidgin libpurple MSN Protocol Plugin httpconn.c msn_httpconn_parse_data Funct...

Nessus® Vulnerability Scanner

Date Description
2011-11-22 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1273-1.nasl - Type : ACT_GATHER_INFO
2011-09-07 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11595.nasl - Type : ACT_GATHER_INFO
2011-09-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-132.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11544.nasl - Type : ACT_GATHER_INFO
2011-08-22 Name : An instant messaging client installed on the remote Windows host has multiple...
File : pidgin_2_10_0.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b8895...
http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c16596...
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943....
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0651...
http://pidgin.im/news/security/?id=54
http://secunia.com/advisories/45663
http://secunia.com/advisories/45916
http://securitytracker.com/id?1025961
http://www.openwall.com/lists/oss-security/2011/08/22/10
http://www.openwall.com/lists/oss-security/2011/08/22/12
http://www.openwall.com/lists/oss-security/2011/08/22/4
http://www.openwall.com/lists/oss-security/2011/08/22/7
http://www.securityfocus.com/bid/49268
https://bugzilla.redhat.com/show_bug.cgi?id=732405
https://exchange.xforce.ibmcloud.com/vulnerabilities/69341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
Date Informations
2024-11-28 23:04:19
  • Multiple Updates
2024-11-28 12:26:53
  • Multiple Updates
2021-05-04 12:15:15
  • Multiple Updates
2021-04-22 01:16:48
  • Multiple Updates
2020-05-23 01:46:31
  • Multiple Updates
2020-05-23 00:30:57
  • Multiple Updates
2019-06-05 12:03:40
  • Multiple Updates
2018-09-25 12:08:25
  • Multiple Updates
2017-09-19 09:24:54
  • Multiple Updates
2017-08-29 09:23:30
  • Multiple Updates
2016-04-26 21:01:48
  • Multiple Updates
2014-02-17 11:04:43
  • Multiple Updates
2013-11-04 21:21:46
  • Multiple Updates
2013-05-10 23:06:15
  • Multiple Updates