HGKeeper

Fix the date on the 2023 Q3 state of the bird
default tip
3 weeks ago, Gary Kramlich

4a261d8e9db1

Fix the date on the 2023 Q3 state of the bird

Testing Done:
Eyeball tests.

Reviewed at https://reviews.imfreedom.org/r/2791/

---

title: cve-2011-3184-00

date: 2011-08-20T00:00:00.000Z

cveNumber: cve-2011-3184

summary: Remote crash in MSN protocol plugin

discoveredBy: Marius Wachtler

fixedInRelease: 2.10.0

type: security

layout: cve

hidden: true

---

### Description

Incorrect handling of HTTP 100 responses in the MSN protocol plugin can cause

the application to attempt to access memory that it does not have access to.

This only affects users who have turned on the HTTP connection method for their

accounts (it's off by default). This might only be triggerable by a malicious

server and not a malicious peer. We believe remote code execution is not

possible.

### Mitigation

Correctly take into account the size of HTTP 100 response when parsing server

messages.