cve-2011-3184-00

Summary Remote crash in MSN protocol plugin
Date 2011-08-20
CVE Number CVE-2011-3184
Discovered By Marius Wachtler
Fixed In Release 2.10.0

Description

Incorrect handling of HTTP 100 responses in the MSN protocol plugin can cause the application to attempt to access memory that it does not have access to. This only affects users who have turned on the HTTP connection method for their accounts (it’s off by default). This might only be triggerable by a malicious server and not a malicious peer. We believe remote code execution is not possible.

Mitigation

Correctly take into account the size of HTTP 100 response when parsing server messages.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site