Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.