hugo/content/about/security/advisories/cve-2011-3184-00.md

Fri, 28 Feb 2025 00:58:39 -0600

author
Gary Kramlich <grim@reaperworld.com>
date
Fri, 28 Feb 2025 00:58:39 -0600
changeset 547
8400662befb3
parent 399
0ec2c139628a
permissions
-rw-r--r--

Add the Meshtastic plugin

I meant to add this awhile ago but somehow missed it.

Testing Done:
Ran `npm run hugo:server` and verified the plugin showed up.

Reviewed at https://reviews.imfreedom.org/r/3861/

---
title: cve-2011-3184-00
date: 2011-08-20T00:00:00.000Z
cveNumber: cve-2011-3184
summary: Remote crash in MSN protocol plugin
discoveredBy: Marius Wachtler
fixedInRelease: 2.10.0
type: security
layout: cve
hidden: true
---

### Description

Incorrect handling of HTTP 100 responses in the MSN protocol plugin can cause
the application to attempt to access memory that it does not have access to.
This only affects users who have turned on the HTTP connection method for their
accounts (it's off by default). This might only be triggerable by a malicious
server and not a malicious peer. We believe remote code execution is not
possible.

### Mitigation

Correctly take into account the size of HTTP 100 response when parsing server
messages.

mercurial