CVE-2008-2957

Published: 01/07/2008 Updated: 29/09/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote malicious users to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

Vulnerable Product

pidgin pidgin 2.0.0

Vendor Advisories

Synopsis: Moderate: pidgin security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security R ...
Debian Bug report logs - #488632. pidgin: Few security flaws. Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debianorg>; Source for pidgin is src:pidgin. Reported by: Steffen Joeris <steffenjoeris@skolelinuxde>. Date: Mon, 30 Jun 2008 08:36:02 UTC. Severity: important. Tags: fixed-upstr ...
It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges (CVE-2008-2927) ...