Vulnerability Details : CVE-2008-2957
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2008-2957
- cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-2957
- 4.70%: Probability of exploitation activity in the next 30 days
- ~93%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-2957
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P | 10.0 | 4.9 | NIST | |
CWE ids for CVE-2008-2957
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-2957
- http://www.ubuntu.com/usn/USN-675-1 (USN-675-1: Pidgin vulnerabilities | Ubuntu security notices | Ubuntu)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599
- http://www.redhat.com/support/errata/RHSA-2008-1023.html (Support)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:025 (Mandriva)
- http://crisp.cs.du.edu/?q=ca2007-1 (CRISP)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076
- http://www.securityfocus.com/bid/29985
- http://www.openwall.com/lists/oss-security/2008/06/27/3 (oss-security - CVE Request (pidgin))
- http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm (ASA-2008-493 (RHSA-2008-1023))