CVE-2008-3532

Published: 08/08/2008 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote malicious users to trick a user into accepting an invalid server certificate for a spoofed service.

Vulnerable Product

pidgin pidgin 2.4.3

Vendor Advisories

Synopsis: Moderate: pidgin security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security R ...

Debian Bug report logs - #492434: pidgin: Connects to Jabber server with bad SSL certificates without warning (CVE-2008-3532). Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debian.org>; Source for pidgin is src:pidgin (PTS, buildd, popcon). Reported by: Josh Triplett <josh@joshtriplett.org>. Date: Sat, 26 Jul ...

It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges (CVE-2008-2927) ...